Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Please Input Service Name] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\HidePort4804] 'Start' = '00000002'
- <SYSTEM32>\svchost.exe -k imgsvc
- NtDeviceIoControlFile, драйвер-обработчик: 2351800.sys
- %TEMP%\FileName.psd
- %WINDIR%\Temp\Net-Temp.ini
- %WINDIR%\Temp\FileName.psd
- %TEMP%\Net-Temp.ini
- <DRIVERS>\2351800.sys
- %TEMP%\508800.dll
- %WINDIR%\system\NT_Path.jpg
- %TEMP%\FileName.psd
- %WINDIR%\system\NT_Path.jpg
- %TEMP%\508800.dll
- %TEMP%\Net-Temp.ini
- %WINDIR%\Temp\Net-Temp.ini
- DNS ASK 90.##mejf.com
- DNS ASK 89.##mejf.com
- DNS ASK 86.##ckgj.com