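Техническая информация
Примечание: обозначения в угловых скобках (<HKLM>, <SYSTEM32>, <DRIVERS>, <Полный путь к вирусу>) — подстановочные метки отчёта, а не буквальные пути. Смешанный регистр в командных строках сохранён в том виде, в каком он был зафиксирован; netsh, sc и reg, как и пути реестра, не различают регистр, поэтому сопоставлять приведённые ниже строки с журналами следует без учёта регистра.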
- [<HKLM>\SYSTEM\ControlSet001\Services\ddnsfilter] 'Start' = '00000002'
- <Полный путь к вирусу>.exe /res
- <SYSTEM32>\netsh.exe fIrewaLl AdD pOrToPEnIng tcP 8085 ddnsfilter eNABLe
- <SYSTEM32>\sc.exe CreATe "ddnsfilter" tyPE= share start= auto binPaTh= "<SYSTEM32>\svchost.exe -k ddnsfilter"
- <SYSTEM32>\reg.exe adD "hklm\sYsTEM\CuRrenTcoNtroLsET\serVicES\DDnsFilter\pAraMEters" /v ServICeDll /t ReG_EXpaND_Sz /d "%PROGRAM_FILES%\DDnsFilter\DDnsFilter.dll" /f
- <SYSTEM32>\netsh.exe fIrewaLl AdD AllOWeDPrOgrAm naMe="ddnsfilter" prOGram="<SYSTEM32>\svchost.exe" mode=ENABLE
- <SYSTEM32>\cmd.exe /c "<Полный путь к вирусу>.exe" /res >%teMP%\Filter.bat
- <SYSTEM32>\cmd.exe /c "%teMP%\Filter.bat"
- <SYSTEM32>\reg.exe aDd "HKlm\soFtWARe\miCRoSOfT\INTerNEt exPloREr\MAin" /v tP /t ReG_Sz /d 1000 /f
- %PROGRAM_FILES%\DDnsFilter\DDnsFilter.dll
- %TEMP%\Filter.bat
- <Полный путь к вирусу>.exe
- <DRIVERS>\Filter.sys
- 'localhost':8085