Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- '%TEMP%\IXP000.TMP\Signd.exe'
- '<SYSTEM32>\taskkill.exe' /im egui.exe /f
- '<SYSTEM32>\rundll32.exe' %WINDIR%\tete191937t.dll testall
- '<SYSTEM32>\taskkill.exe' /im ekrn.exe /f
- '<SYSTEM32>\notepad.exe'
- '<SYSTEM32>\sc.exe' config ekrn start= disabled
- ekrn.exe
- NtQuerySystemInformation, handler driver: pcidump.sys
- %WINDIR%\tete191937t.dll
- <DRIVERS>\aec.SYS
- %TEMP%\IXP000.TMP\I.ini
- %TEMP%\IXP000.TMP\Signd.exe
- %TEMP%\IXP000.TMP\·иЧУНЪїу.exe
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'MS_WINHELP' WindowName: '(null)'
- ClassName: 'Notepad' WindowName: '(null)'