Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Rsmcsu oamegawk6] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Rsmcsu oamegawk6] 'ImagePath' = '<SYSTEM32>\sndtjhx.exe'
- 'Rsmcsu oamegawk6' <SYSTEM32>\sndtjhx.exe
- C:\users\public\documents\pass.txt
- %WINDIR%\syswow64\sndtjhx.exe
- 'an##88.com':9022
- DNS ASK an##88.com
- '%WINDIR%\syswow64\sndtjhx.exe'
- '%WINDIR%\syswow64\sndtjhx.exe' Win7