Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WinsysMon' = '<SYSTEM32>\Socks.exe' — автозапуск Socks.exe при каждом входе пользователя в систему (закрепление в системе)
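- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"' — типичная запись самораспаковывающегося архива IExpress (wextract): однократно удаляет временный каталог распаковки IXP000.TMP и сама по себе закрепления не обеспечивает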
- '%TEMP%\IXP000.TMP\ipclog.exe'
- '<SYSTEM32>\Socks.exe'
- '%TEMP%\IXP000.TMP\Server.exe'
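- '<SYSTEM32>\net1.exe' stop wscsvc — останавливает службу «Центр обеспечения безопасности» Windows (wscsvc); net1.exe обычно запускается из net.exe, та же команда для net.exe приведена ниже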
- '<SYSTEM32>\reg.exe' add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v WinsysMon /t REG_SZ /d "<SYSTEM32>\Socks.exe" /f
- '<SYSTEM32>\cmd.exe' /c %TEMP%\hi.bat
- '<SYSTEM32>\net.exe' stop wscsvc
- '<SYSTEM32>\netsh.exe' firewall set service type = upnp mode = enable — включает в брандмауэре Windows исключение для службы UPnP
- <SYSTEM32>\MSWINSCK.OCX
- <SYSTEM32>\socklink.txt
- %TEMP%\hi.bat
- <SYSTEM32>\Socks.exe
- %TEMP%\IXP000.TMP\Server.exe
- %TEMP%\IXP000.TMP\ipclog.exe
- %TEMP%\nsa2.tmp
- %TEMP%\IXP000.TMP\Server.exe
- %TEMP%\IXP000.TMP\ipclog.exe