Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'system_update' = 'C:\explorer.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 2 "C:\explorer.exe"
- from <Full path to virus> to C:\explorer.exe
- DNS ASK ar#####rgeting.ddns.net
- DNS ASK dn#.##ftncsi.com
- DNS ASK www.no########dmaliciouscode.com.hacker
- ClassName: 'Shell_TrayWnd' WindowName: ''