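Техническая информация
Примечание: подзаголовки категорий в этом списке, по-видимому, утрачены, поэтому повторяющиеся пути, вероятно, относятся к разным действиям с одним и тем же файлом. Значение 'Start' = '00000002' в ключе службы означает автоматический запуск службы при загрузке системы. Символы «##» в именах доменов недопустимы в DNS и, по-видимому, маскируют часть имени, поэтому эти строки нельзя использовать как точные индикаторы без восстановления полного имени.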
- [<HKLM>\SYSTEM\ControlSet001\Services\Please Input Service Name] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\HidePort28075] 'Start' = '00000002'
- %TEMP%\XXX.exe
- <SYSTEM32>\svchost.exe -k imgsvc
- NtDeviceIoControlFile, драйвер-обработчик: 1868800.sys
- C:\Anti.sys
- %TEMP%\FileName.psd
- %WINDIR%\Temp\FileName.psd
- %WINDIR%\Temp\Net-Temp.ini
- %TEMP%\Net-Temp.ini
- <DRIVERS>\1868800.sys
- %TEMP%\XXX.exe
- %WINDIR%\system\NT_Path.jpg
- %TEMP%\947700.dll
- %TEMP%\FileName.psd
- %WINDIR%\system\NT_Path.jpg
- %TEMP%\XXX.exe
- %TEMP%\947700.dll
- %TEMP%\Net-Temp.ini
- C:\Anti.sys
- %WINDIR%\Temp\Net-Temp.ini
- '90.##mejf.com':90
- '89.##mejf.com':89
- '86.##ckgj.com':86
- DNS ASK 90.##mejf.com
- DNS ASK 89.##mejf.com
- DNS ASK 86.##ckgj.com