Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\.NET Framework COM+ Windows Firewall Update Engine] 'Start' = '00000002'
- '<SYSTEM32>\Microsoft Windows Firewall Service\svchost.exe'
- '<SYSTEM32>\Microsoft Windows Firewall Service\svchost.exe' SERVICE_INSTALL "<Полный путь к вирусу>"
- <SYSTEM32>\Microsoft Windows Firewall Service\svchost.InstallState
- <SYSTEM32>\Microsoft Windows Firewall Service\svchost.InstallLog
- <SYSTEM32>\Microsoft Windows Firewall Service\svchost.exe
- 'la######.dyndns-remote.com':4432
- DNS ASK la######.dyndns-remote.com