Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\iqservice] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\iqservice] 'ImagePath' = 'system32\drivers\iqvw64e.sys'
- 'iqservice' system32\drivers\iqvw64e.sys
- <SYSTEM32>\libcurl.dll
- C:\tempstup\temp\iqvw64e.sys
- C:\tempstup\temp\svv.exe
- %TEMP%\90c9.tmp\90ca.tmp\90cb.bat
- <DRIVERS>\iqvw64e.sys
- %WINDIR%\temp\udd9655.tmp
- %TEMP%\90c9.tmp\90ca.tmp\90cb.bat
- C:\tempstup\temp\svv.exe
- C:\tempstup\temp\iqvw64e.sys
- %WINDIR%\temp\udd9655.tmp
- 'gb##rv.com':80
- 'localhost':49175
- 'localhost':49178
- 'localhost':49181
- 'localhost':49175
- 'sr#.#b-srv.com':80
- 'localhost':49178
- 'localhost':49181
- DNS ASK gb##rv.com
- DNS ASK sr#.#b-srv.com
- 'C:\tempstup\temp\svv.exe'
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\90C9.tmp\90CA.tmp\90CB.bat C:\tempstup\temp\svv.exe" (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\90C9.tmp\90CA.tmp\90CB.bat C:\tempstup\temp\svv.exe"
- '<SYSTEM32>\sc.exe' create iqservice binPath= system32\drivers\iqvw64e.sys type= kernel start= auto
- '<SYSTEM32>\sc.exe' start iqservice