Техническая информация
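- [<HKLM>\SYSTEM\ControlSet001\services\IKEEXT] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\services\syshost32] 'Start' = '00000002'
  (в обоих ключах значение 'Start' = 2 соответствует автоматическому запуску службы при загрузке системы)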
- '%WINDIR%\Installer\{25332A80-F999-9622-7014-76D88EA4AC05}\syshost.exe' /service
- '<SYSTEM32>\svchost.exe' -k NetworkServiceNetworkRestricted
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="Core Networking - System IP Core" dir=out action=allow enable=yes profile=any
- '<SYSTEM32>\netsh.exe' advfirewall firewall set rule name="Core Networking - System IP Core" dir=out new action=allow enable=yes profile=any
- '<SYSTEM32>\netsh.exe' advfirewall firewall set rule name="Core Networking - System IP Core" dir=in new action=allow enable=yes profile=any
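- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="Core Networking - System IP Core" dir=in action=allow enable=yes profile=any
  (в показанном виде четыре команды netsh создают и изменяют разрешающие правила для входящего и исходящего трафика во всех профилях без ограничения по программе или порту; имя правила похоже на имена встроенных правил группы «Core Networking», поэтому при проверке брандмауэра правило следует сверять по его параметрам, а не по названию)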
- %WINDIR%\Temp\95caeab8-8b62-6126-1b32-38c3f7f8105e.tmp
- %WINDIR%\Installer\{25332A80-F999-9622-7014-76D88EA4AC05}\syshost.exe
- из <Полный путь к вирусу> в %TEMP%\3c4e30db.tmp
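- '17#.#35.78.200':12565 (здесь и ниже символы «#» в адресах и доменных именах, по-видимому, являются маскировкой, выполненной источником: значения неполные и в таком виде не годятся для точного сопоставления)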
- '18#.#5.52.33':6929
- '16#.#17.147.153':21787
- DNS ASK 1.###l.ntp.org
- DNS ASK dn#.##ftncsi.com
- DNS ASK 2.###l.ntp.org
- DNS ASK fa###ook.com
- DNS ASK 0.###l.ntp.org
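- DNS ASK microsoft.com (запросы к общеизвестным доменам, таким как microsoft.com, встречаются и в легитимном трафике, поэтому сами по себе не являются надёжным индикатором)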
- '18#.#6.120.80':8764
- '10#.#1.156.148':24703
- '11#.#0.94.159':22893
- '10#.#3.179.229':19676
- '22#.#12.28.202':21049
- '19#.#7.64.16':17281
- '11#.#8.121.192':8901
- '12#.#14.104.82':11334
- ClassName: 'Shell_TrayWnd' WindowName: ''