Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\NetTcpPortSharingSys] 'ImagePath' = '%ALLUSERSPROFILE%\Application Data\Mozilla\svchost.exe' (служба запускает файл с именем системного процесса svchost.exe, расположенный вне <SYSTEM32>)
- [<HKLM>\SYSTEM\ControlSet001\Services\NetTcpPortSharingSys] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '<SYSTEM32>\svchost.exe' -k netsvcs
- <SYSTEM32>\svchost.exe
- %ALLUSERSPROFILE%\Application Data\Mozilla\svchost.exe
- %ALLUSERSPROFILE%\Application Data\Mozilla\UV9FXlFbb1NfWVQPBg.bin
- %ALLUSERSPROFILE%\Application Data\Mozilla\svchost.exe
- %ALLUSERSPROFILE%\Application Data\Mozilla\UV9FXlFbb1NfWVQPBg.bin
- из <Полный путь к вирусу> в <Полный путь к вирусу>1
- 'pu###c-dns.us':80
- '37.##5.54.48':443
- http://pu###c-dns.us/AgJxGJwnCokdRDt5Rzj4aK0nK0DE68UFP2iQ76CSB1brkL5R3veAnQl/URPYWTpJk3NpF3P83vF4T.php?=x###############################################################
- http://pu###c-dns.us/ueGjPFJTteShmNUf8DPL/soO.qzBUMbQ.ibo0.GkLrNWUY.1/XSshoulOAluuil0lE/LdZhQme.0zz2ccmVxkyAC0yc6b-5W7nWts-KDqHE.jpg
- DNS ASK pu###c-dns.us
- ClassName: 'Shell_TrayWnd' WindowName: ''