Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\PnP Service] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\NDnet] 'ImagePath' = '<SYSTEM32>\ip_qos.sys'
- %WINDIR%\Adobe32 ARM\rundll32.exe
- <SYSTEM32>\PnPSvc.exe
- NtQuerySystemInformation, драйвер-обработчик: ip_qos.sys
- NtQueryInformationProcess, драйвер-обработчик: ip_qos.sys
- %WINDIR%\Adobe32 ARM\rundll32.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\client[1].html
- <SYSTEM32>\ip_qos.sys
- <SYSTEM32>\PnPSvc.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\client[1].html
- 'ma##mit.cc':80
- ma##mit.cc/client.html?qu#######
- DNS ASK ma##mit.cc