Техническая информация
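Изменения в реестре: регистрация службы XilMax, DLL которой загружается процессом svchost.exe (группа netsvcs). Значение 'Start' = 2 соответствует автоматическому запуску службы при загрузке системы. На работающей системе этот же раздел обычно доступен через CurrentControlSet.
- [<HKLM>\SYSTEM\ControlSet001\Services\XilMax\Parameters] 'ServiceDll' = '<SYSTEM32>\XilMax.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\XilMax] 'ImagePath' = '<SYSTEM32>\svchost.exe -k netsvcs'
- [<HKLM>\SYSTEM\ControlSet001\Services\XilMax] 'Start' = '00000002'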
Процессы (командные строки; исходные подзаголовки отчёта не сохранились):
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\uid98w.bat" "
- '<SYSTEM32>\svchost.exe' -k netsvcs
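Файлы. Подзаголовки, указывающие действие над каждым файлом, не сохранились. Путь %WINDIR%\tmpfzfes.dll приведён дважды — вероятно, он относился к разным разделам исходного отчёта:
- <SYSTEM32>\XilMax.dll.tmpa
- %TEMP%\uid98w.bat
- %WINDIR%\tmpfzfes.dll
- <SYSTEM32>\XilMax.dll
- %WINDIR%\tmpfzfes.dll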
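Сетевая активность: обращение к узлу на порт 1000 и DNS-запрос его имени. Символы ### в имени узла, по-видимому, скрывают часть домена в исходном отчёте, поэтому запись нельзя использовать как точный индикатор без уточнения.
- 'gh###.twbbs.org':1000
- DNS ASK gh###.twbbs.org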