Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\84a11815df01e68f] 'ImagePath' = '<DRIVERS>\84a11815df01e68f.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\84a11815df01e68f] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\syshost32] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\205f1] 'Start' = '00000001'
- %WINDIR%\Installer\{E308D51E-EACA-4F8B-AD84-EC9C8D5163BB}\syshost.exe /service
- NtOpenThread, handler driver: unknown
- NtOpenProcess, handler driver: unknown
- <DRIVERS>\84a11815df01e68f.sys
- <DRIVERS>\205f1.sys
- %WINDIR%\Installer\{E308D51E-EACA-4F8B-AD84-EC9C8D5163BB}\syshost.exe
- from <Full path to virus> to %TEMP%\486f1c18.tmp
- 'ba##arc.net':80
- 'wa##eal.com':80
- '74.##5.232.51':80
- ba##arc.net/api.cgi
- wa##eal.com/api.cgi
- DNS ASK wa##eal.com
- DNS ASK ba##arc.net
- DNS ASK www.google.com
- '<IP address on the local network>':1035