Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\syshost32] 'Start' = '00000002' (тип запуска службы 2 — автоматический, при загрузке системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000' (брандмауэр Windows отключён для стандартного профиля)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000' (исключения брандмауэра разрешены)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000' (брандмауэр Windows отключён для доменного профиля)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DoNotAllowExceptions' = '00000000' (исключения брандмауэра разрешены)
- '%WINDIR%\Installer\{777C7A72-45A0-CC80-7CE0-327A00645954}\syshost.exe' /service
- '<SYSTEM32>\netsh.exe' firewall set opmode mode=DISABLE profile=ALL (команда отключает брандмауэр Windows для всех профилей)
- %WINDIR%\Installer\{777C7A72-45A0-CC80-7CE0-327A00645954}\syshost.exe
- из <Полный путь к вирусу> в %TEMP%\9abe9c96.tmp
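- '2.###l.ntp.org':123 (здесь и далее часть имени узла скрыта символами «#»; в таком виде имена нельзя напрямую использовать как индикаторы для сопоставления)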
- '1.###l.ntp.org':123
- 'fa###ook.com':80
- DNS ASK 1.###l.ntp.org
- DNS ASK 0.###l.ntp.org
- DNS ASK 2.###l.ntp.org
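- DNS ASK qc###rtuop.bit (зона .bit не входит в корневую зону DNS и разрешается только через альтернативные резолверы; запросы к ней обычно нетипичны для легитимного трафика)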
- DNS ASK da####etqvxu.com
- DNS ASK hj###puzfw.com
- DNS ASK fa###ook.com
- DNS ASK ot####gjojro.com
- DNS ASK ve###evfmk.com
- 'localhost':1046
- 'localhost':1044