Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\cache.log
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%HOMEPATH%\Start Menu\Programs\Startup\Google Inc.exe' = '%HOMEPATH%\S...
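- Изменяет DNS-сервер на '208.67.220.123'
- Изменяет DNS-сервер на '208.67.222.123' (оба адреса — публичные резолверы OpenDNS FamilyShield; признаком заражения служит сама несанкционированная смена DNS-сервера, а не обращение к этим адресам, поэтому блокировать их как индикаторы не следует)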
- '<SYSTEM32>\wscript.exe' "%TEMP%\s.vbs"
- '%HOMEPATH%\Start Menu\Programs\Startup\Google Inc.exe'
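- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%HOMEPATH%\Start Menu\Programs\Startup\Google Inc.exe" "Google Inc" ENABLE (добавляет исполняемый файл в список разрешённых программ брандмауэра Windows; этому соответствует запись в ключе AuthorizedApplications\List выше)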
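- ClassName: 'TCPViewClass' WindowName: '' (здесь и ниже в записях ClassName перечислены классы окон; судя по именам — TCPView, OllyDbg, SmartSniff, Process Explorer, Process Monitor, Process Hacker и др. — это утилиты анализа и мониторинга, наличие которых образец, по-видимому, проверяет)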
- ClassName: 'OLLYDBG' WindowName: ''
- ClassName: 'SmartSniff' WindowName: ''
- ClassName: 'PROCEXPL' WindowName: ''
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
- ClassName: 'gdkWindowToplevel' WindowName: ''
- %TEMP%\s.vbs
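- 'sy###.sytes.net':1177 (часть имени узла скрыта символами ### в самом источнике; sytes.net — домен сервиса динамического DNS, поэтому IP-адрес узла может меняться)
- DNS ASK sy###.sytes.net (DNS-запрос к тому же узлу)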
- ClassName: '#32770' WindowName: ''
- ClassName: 'PortmonClass' WindowName: ''
- ClassName: 'apateDNS' WindowName: ''
- ClassName: 'WindowsForms10.Window.8.app.0.33c0d9d' WindowName: ''
- ClassName: 'DNSQuerySniffer' WindowName: ''
- ClassName: 'ProcessHacker' WindowName: ''
- ClassName: 'WindowsForms10.Window.8.app.0.218f99c' WindowName: ''