Техническая информация
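- [<HKLM>\SYSTEM\ControlSet001\services\IKEEXT] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\services\syshost32] 'Start' = '00000002'
  (значение 'Start' = 2 означает автоматический запуск службы при загрузке системы; служба syshost32, по-видимому, соответствует файлу syshost.exe, который ниже запускается с параметром /service)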
- '%WINDIR%\Installer\{8B310DAE-D820-992A-9361-FCA5F7C03CA9}\syshost.exe' /service
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="Core Networking - System IP Core" dir=out action=allow enable=yes profile=any
- '<SYSTEM32>\svchost.exe' -k NetworkServiceNetworkRestricted
- '<SYSTEM32>\netsh.exe' advfirewall firewall set rule name="Core Networking - System IP Core" dir=out new action=allow enable=yes profile=any
- '<SYSTEM32>\netsh.exe' advfirewall firewall set rule name="Core Networking - System IP Core" dir=in new action=allow enable=yes profile=any
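- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="Core Networking - System IP Core" dir=in action=allow enable=yes profile=any
  (все четыре вызова netsh создают или изменяют правило «Core Networking - System IP Core», разрешающее входящий и исходящий трафик для всех профилей; в приведённых командах нет ограничений по программе, порту или адресу. Название похоже на встроенную группу правил Windows «Core Networking», поэтому при проверке брандмауэра следует сверять точное имя правила)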
- %WINDIR%\Temp\95caeab8-8b62-6126-1b32-38c3f7f8105e.tmp
- %WINDIR%\Installer\{8B310DAE-D820-992A-9361-FCA5F7C03CA9}\syshost.exe
- перемещает файл: из <Полный путь к вирусу> в %TEMP%\a11c6e8d.tmp
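- '95.##1.17.76':10427
  (символы # в адресах и доменных именах этого списка, по-видимому, скрывают часть значения; такие записи не являются полными индикаторами и не годятся для точного сопоставления)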
- '46.##0.51.187':16783
- '18#.#2.123.106':14481
- DNS ASK 1.###l.ntp.org
- DNS ASK dn#.##ftncsi.com
- DNS ASK 2.###l.ntp.org
- DNS ASK fa###ook.com
- DNS ASK microsoft.com
- DNS ASK 0.###l.ntp.org
- '11#.#14.140.87':32330
- '20#.#4.47.219':20439
- '46.##9.34.146':12274
- '12#.#01.228.89':29334
- '79.##4.185.250':12123
- '10#.#90.104.226':6750
- '18#.#34.188.173':32496
- '89.##1.95.14':10561
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)