Техническая информация
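Записи ниже задают параметр 'Debugger' в разделе Image File Execution Options: при запуске указанного исполняемого файла Windows вместо него запускает программу из 'Debugger', поэтому перечисленные процессы (судя по именам — компоненты антивирусных продуктов) фактически не запускаются. Появление таких значений в реестре — удобный индикатор для обнаружения.
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgsvc.exe] 'Debugger' = 'svchost.exe'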
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\V3LTray.exe] 'Debugger' = 'svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\V3LSvc.exe] 'Debugger' = 'svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AYUpdate.aye] 'Debugger' = 'svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AYAgent.aye] 'Debugger' = 'svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AYServiceNt.aye] 'Debugger' = 'svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ALYac.aye] 'Debugger' = 'svchost.exe'
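Поиск окон по имени класса (OLLYDBG — отладчик OllyDbg, FileMonClass — утилита FileMon), по-видимому, служит для обнаружения средств анализа:
- ClassName: 'OLLYDBG' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''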
- <SYSTEM32>\systemInfomations.ini
- <SYSTEM32>\down.txt
- %TEMP%\DogKiller.sys
- %TEMP%\DogKiller.sys
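Сетевая активность (в исходном описании домен частично скрыт символами #, поэтому как точный индикатор его использовать нельзя):
- 'localhost':1040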
- 'in####ewfg5.info':80
- in####ewfg5.info/down.txt
- in####ewfg5.info/clcount/count.asp?ma#############################
- DNS ASK in####ewfg5.info
- ClassName: '18467-41' WindowName: ''