Техническая информация
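- [<HKLM>\SYSTEM\ControlSet001\Services\SysmonLogEvent] 'Start' = '00000002'
  (значение 'Start' = 2 означает автоматический запуск службы при загрузке системы, то есть закрепление в системе; имя службы, по-видимому, имитирует Sysinternals Sysmon, поэтому проверять следует параметры службы, а не только её название)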
- <SYSTEM32>\cmd.exe /c "%TEMP%\\114281.bat"
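- <SYSTEM32>\svchost.exe -k netsvcs
  (svchost.exe — штатный системный процесс Windows; сам по себе такой запуск не является признаком заражения и должен рассматриваться только вместе с остальными индикаторами из этого списка)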
- <Полный путь к вирусу>
- <SYSTEM32>\svchost.exe
- %TEMP%\114281.bat
- <SYSTEM32>\wmspdm2.dll
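- '18#.#10.241.82':80
  (здесь и ниже символы «#» в адресах, по-видимому, являются маскировкой, внесённой источником; в таком виде адреса неполные и не годятся для прямой блокировки или поиска в журналах)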
- '18#.#10.241.83':80
- '18#.#10.241.84':80
- '18#.#10.241.79':80
- '18#.#10.241.80':80
- '18#.#10.241.81':80
- '18#.#10.241.88':80
- '18#.#10.241.89':80
- '18#.#10.241.90':80
- '18#.#10.241.85':80
- '18#.#10.241.86':80
- '18#.#10.241.87':80
- '18#.#10.241.70':80
- '18#.#10.241.71':80
- '18#.#10.241.72':80
- '18#.#10.241.67':80
- '18#.#10.241.68':80
- '18#.#10.241.69':80
- '18#.#10.241.76':80
- '18#.#10.241.77':80
- '18#.#10.241.78':80
- '18#.#10.241.73':80
- '18#.#10.241.74':80
- '18#.#10.241.75':80