Техническая информация
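Автозапуск — запись в ключе Run (файл назван svchost.exe, но расположен в %WINDIR%\inf, а не в <SYSTEM32>, где находится штатный svchost.exe):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Win32 Services' = '%WINDIR%\inf\svchost.exe'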
Параметры брандмауэра Windows (профиль StandardProfile); значение 'EnableFirewall' = 0 отключает брандмауэр для этого профиля:
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
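Процессы и команды, по-видимому запускаемые на исполнение (последняя команда отключает брандмауэр Windows через netsh):
- '%WINDIR%\system\winxpl\svchost.exe'
- '%WINDIR%\system\svchost.exe'
- '<SYSTEM32>\netsh.exe' firewall set opmode Disable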
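Изменения в файловой системе (заголовки подразделов в этой копии, по-видимому, утрачены — отсюда повторы путей ниже):
- %WINDIR%\system\winnt\windll20130421.cab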
- %WINDIR%\inf\svchost.exe
- %WINDIR%\GDIPlusshot.jpg
- %WINDIR%\system\winxpl\windll20130421.cab
- %WINDIR%\system\winxpl\svchost.exe
- %TEMP%\aut1.tmp
- %WINDIR%\WPPID.dll
- %TEMP%\aut2.tmp
- %WINDIR%\system\svchost.exe
- %WINDIR%\inf\svchost.exe
- %WINDIR%\system\winxpl\svchost.exe
- %WINDIR%\system\svchost.exe
- %WINDIR%\inf\svchost.exe
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
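Сетевая активность (символы '#' — маска: адрес и имя узла приведены не полностью и в таком виде не подходят для точного сопоставления как индикаторы):
- '74.##5.232.51':443
- DNS ASK si###.google.com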