Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\jw11575] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\jw11575] 'ImagePath' = '<DRIVERS>\jw11575.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\jwService] 'ImagePath' = '%ALLUSERSPROFILE%\Application Data\jw\jwsvc.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\jwService] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\jw11575] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\b662ef49] 'ImagePath' = '%TEMP%\0bf2bdf20bbfbdbd80d0f822bd4d0d2b\<Имя файла>.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\b662ef49] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\{74712200-2132-494a-BD2F-D9CFE8900378}] 'ImagePath' = 'system32\drivers\jws42894.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\{74712200-2132-494a-BD2F-D9CFE8900378}] 'Start' = '00000000'
- '%ALLUSERSPROFILE%\Application Data\jw\jw.exe' /hu
- '%ALLUSERSPROFILE%\Application Data\jw\jwsvc.exe'
- NtEnumerateKey, драйвер-обработчик: jws42894.sys
- %ALLUSERSPROFILE%\Application Data\jw\jw.exe
- %ALLUSERSPROFILE%\Application Data\jw\jwsvc.exe
- %ALLUSERSPROFILE%\Application Data\jw\configure.xml
- <DRIVERS>\jw11575.sys
- %TEMP%\0bf2bdf20bbfbdbd80d0f822bd4d0d2b\<Имя файла>.sys
- <DRIVERS>\jws42894.sys
- %ALLUSERSPROFILE%\Desktop\МФ±¦.url (the name is GBK text mis-rendered as cp1251; the bytes CC D4 B1 A6 decode to «淘宝.url»)
- <DRIVERS>\jws42894.sys
- 'oo.###uanjia.com':80
- http://oo.###uanjia.com/api/update
- http://oo.###uanjia.com/api/getconfig
- http://oo.###uanjia.com/api/putserverlog
- DNS ASK oo.###uanjia.com