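Техническая информация
Ниже без подзаголовков перечислены: параметры реестра службы «Windows WallNet» (значение 'Start' = 2 соответствует автоматическому запуску; служба размещается в svchost.exe -k netsvcs, а её библиотека задаётся параметром 'ServiceDll'), пути файлов, сетевой адрес и командные строки процессов.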
- [<HKLM>\System\CurrentControlSet\Services\Windows WallNet] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Windows WallNet] 'ImagePath' = '<SYSTEM32>\svchost.exe -k netsvcs'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\Windows WallNet\Parameters] 'ServiceDll' = '%WINDIR%\NetWall'
- <SYSTEM32>\svchost.exe
- C:\programdata\resmon.resmoncfg
- C:\programdata\appsoft\resmon.resmoncfg
- C:\programdata\appsoft\dwdcw
- C:\programdata\appsoft\svc.dll
- C:\programdata\appsoft\install32.dat
- C:\programdata\appsoft\install32.dll
- %WINDIR%\notepad_1329161.exe
- %WINDIR%\netwall
- %WINDIR%\dnsq
- %WINDIR%\netwall.dll
- %TEMP%\delself.bat
- 'localhost':88
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\delself.bat" (со скрытым окном)
- '<SYSTEM32>\rundll32.exe' C:\ProgramData\appsoft\\install32.dll,installsvc InstallService
- '<SYSTEM32>\svchost.exe' -k netsvcs
- '<SYSTEM32>\svchost.exe' NetworkService 3776
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\delself.bat"
- '<SYSTEM32>\ping.exe' 127.0.0.1