Technical information
- [<HKLM>\SYSTEM\ControlSet003\Services\system] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\yrsnjlbd] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\system] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet002\Services\system] 'Start' = '00000002'
- <SYSTEM32>\net1.exe start Spooler
- <SYSTEM32>\spoolsv.exe
- <SYSTEM32>\svchost.exe -k system
- <SYSTEM32>\net.exe stop Spooler
- <SYSTEM32>\net1.exe stop Spooler
- NtQueryDirectoryFile, handler driver: idmbtt.sys
- NtDeviceIoControlFile, handler driver: idmbtt.sys
- <DRIVERS>\idmbtt.sys
- <SYSTEM32>\idmbtt.dll
- <SYSTEM32>\0003dad9.ini
- '51##.3322.org':8000
- DNS ASK 51##.3322.org