Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\Corporati Assemblies WavesSyse] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\System\CurrentControlSet\Services\Corporati Assemblies WavesSyse] 'ImagePath' = '%ProgramFiles(x86)%\Microsoft WavesSys\WavesSys.exe'
- %ProgramFiles(x86)%\microsoft wavessys\wavessys.exe
- %ProgramFiles(x86)%\microsoft wavessys\wavessys.dll
- %ProgramFiles(x86)%\microsoft svidapctb\svidapctb.exe
- 'po###.laofubtc.com':5559
- 'mi##.gsbean.com':8585
- 'mi##.gsbean.com':5559
- DNS ASK mi##.gsbean.com
- DNS ASK po###.laofubtc.com
- ClassName: '' WindowName: '%ProgramFiles(x86)%\Microsoft SvidaPctb\SvidaPctb.exe'
- '%ProgramFiles(x86)%\microsoft wavessys\wavessys.exe'
- '%ProgramFiles(x86)%\microsoft svidapctb\svidapctb.exe' Y9e5fFJFjShqbmy364kY5APupz9kg/bQNXV7RirRGaeJYLidHNOi8Fl6TrLhD12pPAWD57AhCi9tVnztR3ARRF9p+9w=
- '%ProgramFiles(x86)%\microsoft wavessys\wavessys.exe' (со скрытым окном)
- '%ProgramFiles(x86)%\microsoft svidapctb\svidapctb.exe' Y9e5fFJFjShqbmy364kY5APupz9kg/bQNXV7RirRGaeJYLidHNOi8Fl6TrLhD12pPAWD57AhCi9tVnztR3ARRF9p+9w= (со скрытым окном)