Техническая информация
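- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASDSvc.exe] 'Debugger' = 'services.exe' (параметр 'Debugger' в Image File Execution Options заставляет систему при запуске ASDSvc.exe стартовать указанную программу вместо него, то есть штатный запуск ASDSvc.exe блокируется; появление такого параметра — характерный признак для обнаружения)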
- [<HKLM>\SYSTEM\ControlSet001\Services\1390bcs] 'Start' = '00000001' (значение 1 — SERVICE_SYSTEM_START: драйвер загружается на этапе инициализации системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\1390bcs] 'ImagePath' = '<DRIVERS>\1390bcs.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\g37uj65kghfds2gfd2fd2323jhg6] 'Start' = '00000002' (значение 2 — SERVICE_AUTO_START: служба запускается автоматически при старте системы)
- '<SYSTEM32>\svchost.exe' -k "g37uj65kghfds2gfd2fd2323jhg6"
- %WINDIR%\Temp\226671.dat
- %WINDIR%\Temp\226656.dat
- <DRIVERS>\1390bcs.sys
- <SYSTEM32>\mt35aa4m.dll
- <SYSTEM32>\RCX1.tmp
- %WINDIR%\Temp\226656.dat
- %WINDIR%\Temp\226671.dat
- <SYSTEM32>\mt35aa4m.dll
- из <SYSTEM32>\RCX1.tmp в <SYSTEM32>\mt35aa4m.dll
- 'ev#####uou6.oicp.net':100
- 'hg####jno61.vicp.cc':100
- DNS ASK kx####ms6.vicp.cc
- DNS ASK ev#####uou6.oicp.net
- DNS ASK hg####jno61.vicp.cc