Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\2B6F4A02] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\2B6F4A02] 'ImagePath' = '<DRIVERS>\2B6F4A02.sys'
- %TEMP%\inst1.exe
- <DRIVERS>\2b6f4a02.sys
- %WINDIR%\temp\txsvas01.tmp
- %TEMP%\test.exe
- %WINDIR%\temp\uddcc9d.tmp
- %TEMP%\2345explorer_38841337311_y_silence.exe
- <LS_APPDATA>\microsoft\windows\history\history.ie5\mshist012019071720190718\index.dat
- %WINDIR%\temp\uddcc9d.tmp
- %TEMP%\inst1.exe
- http://do####ad.2345.com/union_common/2345explorer_38841337311_Y_silence.exe
- http://nt.##fakala.xyz/
- http://nt.##fakala.xyz/favicon.ico
- DNS ASK xu#.##login2.qq.com
- DNS ASK do####ad.2345.com
- DNS ASK nt.##fakala.xyz
- ClassName: '' WindowName: 'Microsoft Internet Explorer'
- ClassName: 'DDEMLMom' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Static' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%TEMP%\inst1.exe'
- '%TEMP%\test.exe'
- '%TEMP%\inst1.exe' ' (со скрытым окном)
- '%TEMP%\test.exe' ' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c del %TEMP%\inst1.exe > nul' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c del %TEMP%\inst1.exe > nul