Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\NalDrv] 'ImagePath' = '%TEMP%\E33.tmp\NalDrv.sys'
- [<HKLM>\System\CurrentControlSet\Services\PROCEXP152] 'ImagePath' = '%TEMP%\PROCEXP152.sys'
- 'NalDrv' %TEMP%\E33.tmp\NalDrv.sys
- 'PROCEXP152' %TEMP%\PROCEXP152.sys
- %TEMP%\fb20.tmp\fb21.tmp\fb22.bat
- %TEMP%\fb20.tmp\beforeinv.exe
- %TEMP%\fb20.tmp\inj.bat
- %TEMP%\fb20.tmp\spartafncracked.dll
- %TEMP%\fb20.tmp\injector.exe
- %TEMP%\fb20.tmp\eacforcer.exe
- %TEMP%\fb20.tmp\null
- %TEMP%\e33.tmp\e43.tmp\e44.bat
- %TEMP%\e33.tmp\e.sys
- %TEMP%\e33.tmp\udmapper.exe
- %TEMP%\e33.tmp\naldrv.sys
- %TEMP%\procexp152.sys
- %TEMP%\procexp152.sys
- %TEMP%\e33.tmp\naldrv.sys
- %TEMP%\e33.tmp\e43.tmp\e44.bat
- 'di##ord.gg':443
- 'di##ord.gg':443
- DNS ASK di##ord.gg
- DNS ASK microsoft.com
- ClassName: 'DDEMLMom' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'Static' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%TEMP%\fb20.tmp\beforeinv.exe'
- '%TEMP%\e33.tmp\udmapper.exe' -map e.sys
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\E33.tmp\E43.tmp\E44.bat %TEMP%\FB20.tmp\beforeinv.exe"' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\FB20.tmp\FB21.tmp\FB22.bat <Полный путь к файлу>"
- '<SYSTEM32>\timeout.exe' 3
- '<SYSTEM32>\timeout.exe' 4
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\E33.tmp\E43.tmp\E44.bat %TEMP%\FB20.tmp\beforeinv.exe"
- '<SYSTEM32>\timeout.exe' 2