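Техническая информация

Примечание: подзаголовки разделов исходного отчёта в этом фрагменте отсутствуют, поэтому роль каждой записи (создание, удаление, изменение и т. п.) здесь не указана. Ниже перечислены значения 'ImagePath' в ключах служб реестра, пути к файлам и одна командная строка. Служба WinD64loader указана дважды с разными значениями 'ImagePath', а каждый временный файл udd*.tmp встречается в списке дважды.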
- [<HKLM>\System\CurrentControlSet\Services\WinD64] 'ImagePath' = '<DRIVERS>\WinD64.sys'
- [<HKLM>\System\CurrentControlSet\Services\WinD64loader] 'ImagePath' = '<DRIVERS>\WinD64.sys'
- [<HKLM>\System\CurrentControlSet\Services\WinD64inject] 'ImagePath' = '<SYSTEM32>\WinD64.exe /X'
- [<HKLM>\System\CurrentControlSet\Services\WinD64loader] 'ImagePath' = '<DRIVERS>\WinD64loader.sys'
- [<HKLM>\System\CurrentControlSet\Services\Micro_Drv] 'ImagePath' = '<DRIVERS>\Micro_Drv.sys'
- <SYSTEM32>\services.exe
- <SYSTEM32>\taskhost.exe
- <SYSTEM32>\wind64.exe
- %WINDIR%\temp\udd8786.tmp
- %WINDIR%\temp\udd83cc.tmp
- %WINDIR%\temp\udd7fb4.tmp
- %WINDIR%\temp\udd7bfa.tmp
- %WINDIR%\temp\udd77e2.tmp
- %WINDIR%\temp\udd7419.tmp
- %WINDIR%\temp\udd7010.tmp
- %WINDIR%\temp\udd6bd9.tmp
- %WINDIR%\temp\udd682f.tmp
- %WINDIR%\temp\udd5c95.tmp
- %WINDIR%\temp\udd5c75.tmp
- <SYSTEM32>\wind64.dll
- <DRIVERS>\wind64loader.sys
- <DRIVERS>\wind64.sys
- <DRIVERS>\micro_drv.sys
- %WINDIR%\temp\udd8b9e.tmp
- %WINDIR%\temp\udd938f.tmp
- %WINDIR%\temp\udd5c95.tmp
- %WINDIR%\temp\udd5c75.tmp
- %WINDIR%\temp\udd682f.tmp
- %WINDIR%\temp\udd6bd9.tmp
- %WINDIR%\temp\udd7010.tmp
- %WINDIR%\temp\udd7419.tmp
- %WINDIR%\temp\udd77e2.tmp
- %WINDIR%\temp\udd7bfa.tmp
- %WINDIR%\temp\udd7fb4.tmp
- %WINDIR%\temp\udd8786.tmp
- %WINDIR%\temp\udd83cc.tmp
- %WINDIR%\temp\udd8b9e.tmp
- %WINDIR%\temp\udd938f.tmp
- '<SYSTEM32>\wind64.exe' /X