Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'cmc' = '%WINDIR%\cmc.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'cmc' = '%WINDIR%\cmc.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lsasvc' = '<SYSTEM32>\lsasvc.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\usbdecil] 'Start' = '00000002'
- <SYSTEM32>\lsasvc.exe
- %TEMP%\cpsa.exe
- %WINDIR%\cmc.exe
- NtTerminateProcess, драйвер-обработчик: cmdriver.sys
- NtQuerySystemInformation, драйвер-обработчик: cmdriver.sys
- NtOpenSection, драйвер-обработчик: usbdecil.sys
- %WINDIR%\cmc.exe
- <SYSTEM32>\lsasvc.exe
- <SYSTEM32>\lsasvc.exe
- <DRIVERS>\usbdecil.sys
- <DRIVERS>\cmdriver.sys
- %WINDIR%\twsetup.log
- %WINDIR%\cmc.exe
- %TEMP%\cpsa.exe
- %WINDIR%\cmc_uninst.exe
- %WINDIR%\CMCPS.ocx
- %TEMP%\cpsa.exe
- 'www.ca###oa.co.kr':80
- www.ca###oa.co.kr/cps/cps_info.php?q_###############################################################
- www.ca###oa.co.kr/cps/setup.php?mo################################
- DNS ASK www.ca###oa.co.kr
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''