Technical information
- [<HKLM>\System\CurrentControlSet\Services\Application Information Driver] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Application Information Driver] 'ImagePath' = '<DRIVERS>\mdm.exe'
- 'Application Information Driver' <DRIVERS>\mdm.exe
- <DRIVERS>\ereq.sys
- <DRIVERS>\svchost.exe
- <DRIVERS>\tmu128.sys
- <DRIVERS>\tmexup128.sys
- <DRIVERS>\tmr128.sys
- <DRIVERS>\nt32corp.sys
- <DRIVERS>\setup.1
- http://ip#####p.flashfxp.com/
- DNS ASK ip#####p.flashfxp.com
- DNS ASK sm##.gmail.com
- DNS ASK google.com
- DNS ASK ft#.##nnybabes.net
- DNS ASK ti###tar.net
- '<DRIVERS>\svchost.exe'
- '<SYSTEM32>\sc.exe' create "Application Information Driver" binpath= <DRIVERS>\mdm.exe start= auto' (with hidden window)
- '<SYSTEM32>\sc.exe' config "Application Information Driver" type= own type= interact' (with hidden window)
- '<SYSTEM32>\sc.exe' description "Application Information Driver" "Facilitates the drivers of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to...' (with hidden window)
- '<SYSTEM32>\sc.exe' create "Application Information Driver" binpath= <DRIVERS>\mdm.exe start= auto
- '<SYSTEM32>\sc.exe' config "Application Information Driver" type= own type= interact
- '<SYSTEM32>\sc.exe' description "Application Information Driver" "Facilitates the drivers of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to...