Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\ServiceDriver42362] 'Start' = '00000001'
- [<HKLM>\System\CurrentControlSet\Services\ServiceDriver42362] 'ImagePath' = 'System32\drivers\ServiceDriver42362.sys'
- [<HKLM>\System\CurrentControlSet\Services\Service] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Service] 'ImagePath' = '<SYSTEM32>\Service.exe /runasservice'
- %TEMP%\ecat000064.msi
- %TEMP%\emsinewagentl.log
- <SYSTEM32>\service.exe
- <DRIVERS>\servicedriver.sys
- <DRIVERS>\servicedriver42362.sys
- %PROGRAMDATA%\microsoft\crypto\rsa\machinekeys\891c84fd662529f6f2bcfed337d3da87_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %WINDIR%\temp\uddebce.tmp
- %WINDIR%\ecat.$$$
- <DRIVERS>\servicedriver.sys
- %WINDIR%\temp\uddebce.tmp
- %WINDIR%\ecat.$$$
- '10.#0.10.10':443
- '10.#0.10.10':444
- '<SYSTEM32>\service.exe' /runasservice
- '%WINDIR%\syswow64\msiexec.exe' /i "%TEMP%\ECAT000064.msi" /l*v "%TEMP%\EMSInewAgentl.log" /qn