Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'HFDF' = '<SYSTEM32>\hfmd00001.exe'
- <DRIVERS>\beep.bin заменяется файлом <DRIVERS>\beep.sys
- <DRIVERS>\beep.sys заменяется файлом <SYSTEM32>\test.sys
- <DRIVERS>\beep.sys
- <SYSTEM32>\test.sys
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\xxxa.bat" "
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\hfmd00001.exe
- <Текущая директория>\xxxa.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\hfmd00001[1].exe
- <SYSTEM32>\hfmd00001.dll
- <SYSTEM32>\test.sys
- C:\SFC_OS.DLL
- <DRIVERS>\beep.sys
- C:\SFC_OS.DLL
- <DRIVERS>\beep.bin в <DRIVERS>\beep.sys
- <DRIVERS>\beep.sys в <DRIVERS>\beep.bin
- 'localhost':1037
- 'www.ks##c.com':80
- www.ks##c.com/Update/hfmd00001.exe
- www.ks##c.com/Update/Version.txt
- DNS ASK www.ks##c.com