Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\EcatServiceDriver304] 'Start' = '00000001' (тип запуска 1 — SERVICE_SYSTEM_START: драйвер загружается при инициализации ядра)
- [<HKLM>\System\CurrentControlSet\Services\EcatServiceDriver304] 'ImagePath' = 'System32\drivers\EcatServiceDriver304.sys'
- [<HKLM>\System\CurrentControlSet\Services\EcatService] 'Start' = '00000002' (тип запуска 2 — SERVICE_AUTO_START: служба запускается автоматически при старте системы)
- [<HKLM>\System\CurrentControlSet\Services\EcatService] 'ImagePath' = '<SYSTEM32>\EcatService.exe /runasservice'
- %TEMP%\ecat000064.msi
- %TEMP%\emsiout.log
- <SYSTEM32>\ecatservice.exe
- <DRIVERS>\ecatservicedriver.sys
- <DRIVERS>\ecatservicedriver304.sys
- %PROGRAMDATA%\microsoft\crypto\rsa\machinekeys\126ce5c8edf8c2876ee04fd24425ad81_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %WINDIR%\temp\udd39fd.tmp
- %WINDIR%\ecat.$$$
- <DRIVERS>\ecatservicedriver.sys
- %WINDIR%\temp\udd39fd.tmp
- %WINDIR%\ecat.$$$
- '10.#.50.52':8443
- '10.#.50.52':444
- '<SYSTEM32>\ecatservice.exe' /runasservice
- '%WINDIR%\syswow64\msiexec.exe' /i "%TEMP%\ECAT000064.msi" /l*v "%TEMP%\EMSIout.log" /qn