Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{01B2F4D0-7D42-D337-2567-2D52C5569139}] 'StubPath' = '<SYSTEM32>\active.exe'
- <SYSTEM32>\dllcache\beep.sys файлом <SYSTEM32>\dllcache\beep.sys.new
- <DRIVERS>\beep.sys файлом %TEMP%\beep.sys
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\anyexe.bat" "
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %TEMP%\anyexe.bat
- <SYSTEM32>\active.exe
- %TEMP%\beep.sys
- <DRIVERS>\beep.sys.new в <DRIVERS>\beep.sys
- 'ri####.#rendmicro.org.tw':443
- DNS ASK ri####.#rendmicro.org.tw