Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\IKEEXT] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\services\syshost32] 'Start' = '00000002'
  (Значение 'Start' = 2 означает автоматический запуск службы при загрузке системы.)
- '%WINDIR%\Installer\{D261261E-622A-7C7B-1EE3-C479EBA23378}\syshost.exe' /service
- '<SYSTEM32>\svchost.exe' -k NetworkServiceNetworkRestricted
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="Core Networking - System IP Core" dir=out action=allow enable=yes profile=any
- '<SYSTEM32>\netsh.exe' advfirewall firewall set rule name="Core Networking - System IP Core" dir=out new action=allow enable=yes profile=any
- '<SYSTEM32>\netsh.exe' advfirewall firewall set rule name="Core Networking - System IP Core" dir=in new action=allow enable=yes profile=any
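- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="Core Networking - System IP Core" dir=in action=allow enable=yes profile=any
  (Во всех четырёх командах netsh правило не ограничено ни программой, ни портом, ни адресом: оно разрешает любой входящий и исходящий трафик для всех профилей. Имя правила начинается с «Core Networking», как у ряда встроенных правил брандмауэра Windows, поэтому при проверке следует смотреть на параметры правила, а не на его название.)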
- %WINDIR%\Temp\95caeab8-8b62-6126-1b32-38c3f7f8105e.tmp
- %WINDIR%\Installer\{D261261E-622A-7C7B-1EE3-C479EBA23378}\syshost.exe
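- из <Полный путь к вирусу> в %TEMP%\cbd6f8ce.tmp (исходный файл вредоносной программы оказывается во временном каталоге; тип операции — перемещение или копирование — в этой строке не указан)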
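- '67.##5.15.201':20473
  (Символы «#» в адресах и доменных именах этого списка, по-видимому, заменяют скрытые при публикации символы, поэтому такие записи не годятся для точного сопоставления без восстановления полного значения.)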
- '19#.#29.129.26':27770
- '11#.#00.36.151':17111
- DNS ASK dn#.##ftncsi.com
- DNS ASK 1.###l.ntp.org
- DNS ASK 2.###l.ntp.org
- DNS ASK 0.###l.ntp.org
- DNS ASK microsoft.com
- '20#.#1.60.74':25858
- '86.##6.62.220':9112
- '18#.#2.2.229':28543
- '92.##.243.224':6680
- '27.#55.43.3':27237
- '95.##.245.142':19146
- '18#.#15.27.209':6605
- '20#.#35.97.98':28015
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)