Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\cathost] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\taskmapi] 'Start' = '00000002'
- <SYSTEM32>\taskmapi.exe
- NtQuerySystemInformation, драйвер-обработчик: cathost.sys
- <SYSTEM32>\taskmapi.exe
- %TEMP%\temp_110453.bat
- <SYSTEM32>\dllload.msc
- <SYSTEM32>\0001AF65.tmp
- <DRIVERS>\00019FA6.tmp
- <SYSTEM32>\playwav.apl
- <SYSTEM32>\0001AF65.tmp в <DRIVERS>\cathost.sys
- <DRIVERS>\00019FA6.tmp в <SYSTEM32>\taskmapi.exe
- 'dr####-place.net':80
- DNS ASK dr####-place.net