Техническая информация
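- [<HKLM>\SYSTEM\ControlSet001\services\IKEEXT] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\services\syshost32] 'Start' = '00000002'
  (Значение 'Start' = 2 означает автоматический запуск службы при загрузке системы. IKEEXT — штатная служба Windows; syshost32 к штатным службам не относится и, судя по строке запуска syshost.exe с ключом /service, служит для автозапуска вредоносной программы — наличие этого ключа реестра стоит проверять при поиске заражения.)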
- '%WINDIR%\Installer\{84725455-D541-0F12-F211-D05373E6A654}\syshost.exe' /service
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="Core Networking - System IP Core" dir=out action=allow enable=yes profile=any
- '<SYSTEM32>\svchost.exe' -k NetworkServiceNetworkRestricted
- '<SYSTEM32>\netsh.exe' advfirewall firewall set rule name="Core Networking - System IP Core" dir=out new action=allow enable=yes profile=any
- '<SYSTEM32>\netsh.exe' advfirewall firewall set rule name="Core Networking - System IP Core" dir=in new action=allow enable=yes profile=any
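- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="Core Networking - System IP Core" dir=in action=allow enable=yes profile=any
  (Команды netsh в этом списке создают и обновляют разрешающие правила брандмауэра Windows для входящего и исходящего трафика во всех профилях. Имя правила похоже на имена встроенных правил Windows вида «Core Networking - …», поэтому в общем списке оно малозаметно. В приведённом виде в командах нет ограничений по программе, порту или адресу. Проверить наличие правила можно командой: netsh advfirewall firewall show rule name="Core Networking - System IP Core".)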
- %WINDIR%\Temp\95caeab8-8b62-6126-1b32-38c3f7f8105e.tmp
- %WINDIR%\Installer\{84725455-D541-0F12-F211-D05373E6A654}\syshost.exe
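- из <Полный путь к вирусу> в %TEMP%\c719421b.tmp
  (Заголовок этого пункта в данном фрагменте утрачен; судя по форме записи «из … в …», исходный файл вредоносной программы, по-видимому, перемещается или копируется во временный каталог.)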
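- '1.##2.73.68':10126
- '71.##6.94.161':27026
  (Символы # в адресах и доменных именах этого списка — маскировка, присутствующая в источнике; в таком виде значения нельзя напрямую использовать как индикаторы компрометации. Число после двоеточия — по всей видимости, порт; протокол в этом фрагменте не указан.)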
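- DNS ASK 1.###l.ntp.org
- DNS ASK dn#.##ftncsi.com
- DNS ASK 2.###l.ntp.org
- DNS ASK fa###ook.com
- DNS ASK microsoft.com
- DNS ASK 0.###l.ntp.org
  («DNS ASK» здесь означает DNS-запрос. Имена в этом списке выглядят как общеизвестные легитимные домены; возможно, запросы служат для проверки подключения к сети или синхронизации времени — из фрагмента это не следует однозначно. Сами по себе такие запросы не являются признаком заражения и не годятся для блокировки или детектирования без сопоставления с остальными артефактами.)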
- '11#.#94.247.133':12450
- '18#.#98.127.221':19154
- '19#.#8.124.39':19252
- '11#.#50.188.238':24688
- '17#.#6.57.229':13361
- '89.##1.32.38':14107
- '19#.#6.190.189':20930
- '19#.#9.39.240':24439
- '59.##0.107.171':18295
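- ClassName: 'Shell_TrayWnd' WindowName: ''
  (Shell_TrayWnd — класс окна панели задач Windows; какое действие выполняется с этим окном, в данном фрагменте не указано.)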