Technical information
- [<HKLM>\SYSTEM\ControlSet003\Services\myejwa] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\yyejwawg] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\myejwa] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet002\Services\myejwa] 'Start' = '00000002'
- <SYSTEM32>\svchost.exe -k myejwa
- NtQueryDirectoryFile, handler driver: mnevty.sys
- NtDeviceIoControlFile, handler driver: mnevty.sys
- <DRIVERS>\mnevty.sys
- <SYSTEM32>\0005b646.ini
- <SYSTEM32>\mnevty.dll
- 'localhost':8081