Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F27237D7-93C8-44C2-AC6E-D6057B9A918F}\DownloadInformation] 'CODEBASE' = 'https://juniper.net/dana-cached/sc/JuniperSetupClient.cab'
- [<HKLM>\SYSTEM\ControlSet001\Services\aic78xx] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '%TEMP%\<Имя вируса>.exe'
- '<SYSTEM32>\ping.exe' localhost -n 3
- '<SYSTEM32>\net1.exe' start aic78xx
- '<SYSTEM32>\ping.exe' localhost -n 8
- '<SYSTEM32>\ping.exe' localhost -n 2
- %WINDIR%\Downloaded Program Files\JuniperExt.exe
- %WINDIR%\Downloaded Program Files\JuniperSetupClient.ocx
- <DRIVERS>\wincache.dat
- %WINDIR%\Downloaded Program Files\JuniperSetupClientCtrlUninstaller.exe
- %WINDIR%\aic78xxs
- %TEMP%\<Имя вируса>.exe
- %WINDIR%\Downloaded Program Files\JuniperSetupClient.inf
- %WINDIR%\Downloaded Program Files\install.log
- %TEMP%\<Имя вируса>.exe
- из %WINDIR%\aic78xxs в <DRIVERS>\aic78xx.sys
- '17#.#0.124.10':8080
- '19#.#4.190.1':8080
- '14#.#6.119.48':443
- '10.##.255.55':3128
- '<IP-адрес в локальной сети>':3128
- '10.#.10.10':8080