Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\PCIDump] 'Start' = '00000002'
- '<SYSTEM32>\attrib.exe' <DRIVERS>\pcidump.sys -A -R -H
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ccea.bat" "
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %TEMP%\ccea.bat
- <DRIVERS>\pcidump.txt
- %TEMP%\ccea.bat
- <DRIVERS>\pcidump.txt to <DRIVERS>\pcidump.sys
- 'un###.jzads.com':9558
- 'localhost':1035
- DNS ASK un###.jzads.com