Техническая информация
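Записи реестра, регистрирующие службы (параметр 'ImagePath' указывает на .sys-файлы в %ALLUSERSPROFILE%, а не в %WINDIR%\System32\drivers, что может служить признаком для обнаружения):
- [<HKLM>\System\CurrentControlSet\Services\LoginNpDrvNameX64] 'ImagePath' = '%ALLUSERSPROFILE%\LineageLogin\LoginNpDriveX64.sys'
- [<HKLM>\System\CurrentControlSet\Services\WFP_ClearAttack] 'ImagePath' = '%ALLUSERSPROFILE%\Microsoft\AppV\WFP_Drive.sys'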
- 'LoginNpDrvNameX64' %ALLUSERSPROFILE%\LineageLogin\LoginNpDriveX64.sys
- 'WFP_ClearAttack' %ALLUSERSPROFILE%\Microsoft\AppV\WFP_Drive.sys
- %ALLUSERSPROFILE%\lineagelogin\loginnpdrivex64.sys
- %ALLUSERSPROFILE%\microsoft\appv\wfp_drive.temp1
- %ALLUSERSPROFILE%\microsoft\appv\wfp_drivex86.temp1
- %ALLUSERSPROFILE%\microsoft\appv\scmdrvloader.exe
- %ALLUSERSPROFILE%\microsoft\appv\scmdrvrun.exe
- %ALLUSERSPROFILE%\microsoft\appv\wfp_drive.sys
- %ALLUSERSPROFILE%\microsoft\appv\wfp_drivex86.sys
- <Полный путь к файлу>
- <Текущая директория>\eat.exe
- <Текущая директория>\eat.dll
- <Текущая директория>\login.bin
- %WINDIR%\temp\udd6cf5.tmp
- %WINDIR%\temp\udd6d34.tmp
- %ALLUSERSPROFILE%\microsoft\appv\wfp_drivex86.temp1
- %ALLUSERSPROFILE%\microsoft\appv\wfp_drive.temp1
- %WINDIR%\temp\udd6cf5.tmp
- %WINDIR%\temp\udd6d34.tmp
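Сетевые подключения в формате 'адрес':порт (символы «#», по-видимому, маскируют часть адреса, поэтому для точного сопоставления эти значения непригодны):
- '13#.#07.13.100':37
- 'sites.google.com':443
- '13#.#63.4.101':37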
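DNS-запросы (в именах с «##» часть символов, по-видимому, замаскирована; sites.google.com — общедоступный легитимный сервис, и обращение к нему само по себе не является признаком заражения):
- DNS ASK bv##1.com
- DNS ASK gp##me.vip
- DNS ASK sites.google.com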
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''