Техническая информация
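- [<HKLM>\SYSTEM\ControlSet001\services\IKEEXT] 'Start' = '00000002' (IKEEXT — штатная служба Windows; значение 2 означает автоматический запуск службы при загрузке системы)
- [<HKLM>\SYSTEM\ControlSet001\services\syshost32] 'Start' = '00000002' (значение 2 — автоматический запуск; имя службы созвучно файлу syshost.exe, который ниже запускается с ключом /service)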
- '%WINDIR%\Installer\{F26BA4AA-4127-8A56-1A13-C4E95448F212}\syshost.exe' /service
- '<SYSTEM32>\svchost.exe' -k NetworkServiceNetworkRestricted
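- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="Core Networking - System IP Core" dir=out action=allow enable=yes profile=any
- '<SYSTEM32>\netsh.exe' advfirewall firewall set rule name="Core Networking - System IP Core" dir=out new action=allow enable=yes profile=any
- '<SYSTEM32>\netsh.exe' advfirewall firewall set rule name="Core Networking - System IP Core" dir=in new action=allow enable=yes profile=any
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="Core Networking - System IP Core" dir=in action=allow enable=yes profile=any
  (Ни в одной из четырёх команд не заданы программа, протокол, порт или адрес, поэтому правило «Core Networking - System IP Core» разрешает любой входящий и исходящий трафик во всех профилях. Его имя похоже на имена штатных правил группы «Core Networking», поэтому при проверке системы наличие такого правила стоит искать по точному имени.)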
- %WINDIR%\Temp\95caeab8-8b62-6126-1b32-38c3f7f8105e.tmp
- %WINDIR%\Installer\{F26BA4AA-4127-8A56-1A13-C4E95448F212}\syshost.exe
- из <Полный путь к вирусу> в %TEMP%\d44a1de4.tmp
- '14.##.202.102':18950
- '18#.#7.51.222':7817
- '27.##5.58.185':24743
- DNS ASK microsoft.com
- DNS ASK 1.###l.ntp.org
- DNS ASK 2.###l.ntp.org
- DNS ASK dn#.##ftncsi.com
- DNS ASK fa###ook.com
- DNS ASK 0.###l.ntp.org
- '22#.#55.172.202':15260
- '59.##.222.157':6155
- '14.##.106.145':13820
- '78.##.129.58':27302
- '18#.#8.117.70':30695
- '12#.#37.69.78':25217
- '11#.75.21.7':7202
- '18#.#3.41.64':18468
- ClassName: 'Shell_TrayWnd' WindowName: ''