Техническая информация
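Записи реестра: служба 'shazax' с типом запуска 2 (автоматический запуск), которая выполняется в svchost.exe и загружает библиотеку, указанную в параметре ServiceDll:
- [<HKLM>\SYSTEM\ControlSet002\Services\shazax] 'start' = '00000002'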
- [<HKLM>\SYSTEM\CONTROLSET003\Services\shazax\Parameters] 'ServiceDll' = '<SYSTEM32>\nkbhdq.dll'
- [<HKLM>\SYSTEM\CONTROLSET003\Services\shazax] 'start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet002\Services\shazax\Parameters] 'ServiceDll' = '<SYSTEM32>\nkbhdq.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\shazax] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\shazax] 'ImagePath' = '<SYSTEM32>\svchost.exe -k shazax'
- [<HKLM>\SYSTEM\ControlSet001\Services\shazax\Parameters] 'ServiceDll' = '<SYSTEM32>\nkbhdq.dll'
Командная строка процесса (совпадает со значением ImagePath службы 'shazax'):
- '<SYSTEM32>\svchost.exe' -k shazax
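Поиск окна по имени класса ('OLLYDBG' — класс окна отладчика OllyDbg; по-видимому, проверка на наличие средств анализа):
- ClassName: 'OLLYDBG', WindowName: ''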
Файлы (nkbhdq.dll — библиотека, указанная в параметре ServiceDll службы 'shazax'):
- <SYSTEM32>\nkbhdq.dll
- <SYSTEM32>\0004f173.inf
- %TEMP%\80EB2F5C
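Сетевая активность (адрес частично замаскирован в источнике; метка <L####NET>, по-видимому, обозначает адрес локальной сети, поэтому сам адрес малопригоден как индикатор; компоненты пути в запросах ниже похожи на дату и время — это предположение):
- '<L####NET>.0.114':80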
- http://19#.#68.0.114/20171130/054823/226625.jsp via <L####NET>.0.114
- http://19#.#68.0.114/20171130/054811/214234.jsp via <L####NET>.0.114
- http://19#.#68.0.114/20171130/054849/251968.jsp via <L####NET>.0.114
- http://19#.#68.0.114/20171130/054836/239609.jsp via <L####NET>.0.114
- http://19#.#68.0.114/20171130/054758/201500.jsp via <L####NET>.0.114
- http://19#.#68.0.114/20171130/054720/163703.jsp via <L####NET>.0.114
- http://19#.#68.0.114/20171130/054708/150953.jsp via <L####NET>.0.114
- http://19#.#68.0.114/20171130/054746/188906.jsp via <L####NET>.0.114
- http://19#.#68.0.114/20171130/054733/176375.jsp via <L####NET>.0.114