Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\rmm] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\wnet] 'Start' = '00000002'
- <SYSTEM32>\wnet.exe
- NtQuerySystemInformation, handler driver: rmm.sys
- <SYSTEM32>\wnet.exe
- <SYSTEM32>\00031D8B.tmp
- %TEMP%\temp_204203.bat
- <DRIVERS>\000319B3.tmp
- <SYSTEM32>\keyzu.sfm
- <SYSTEM32>\00031D8B.tmp to <DRIVERS>\rmm.sys
- <DRIVERS>\000319B3.tmp to <SYSTEM32>\wnet.exe