Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\NationalSer1.5] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\winlogav] 'Start' = '00000002'
- <SYSTEM32>\uensg.exe
- C:\zd1.5_ser.exe
- C:\3.exe
- <SYSTEM32>\svchost.exe -k krnlsrvc
- %TEMP%\221515_res.tmp
- <SYSTEM32>\uensg.exe
- C:\3.exe
- C:\zd1.5_ser.exe
- <SYSTEM32>\RymbtoC.dll
- C:\zd1.5_ser.exe
- C:\3.exe
- из %TEMP%\221515_res.tmp в <SYSTEM32>\RymbtoC.dll
- '09###b.3322.org':7610
- 'xj##.8866.org':8080
- DNS ASK 09###b.3322.org
- DNS ASK xj##.8866.org