Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\RemoteStorage] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Hooking] 'Start' = '00000002'
- <SYSTEM32>\server.exe
- C:\Server.exe
- <SYSTEM32>\notepad.exe C:\єс°ш°і БЦ№О.txt
- NtSetInformationFile, handler driver: GTHOOK.sys
- NtQuerySystemInformation, handler driver: GTHOOK.sys
- <SYSTEM32>\server.exe
- <DRIVERS>\GTHOOK.sys
- <SYSTEM32>\server.exe
- C:\єс°ш°і БЦ№О.txt
- C:\Server.exe
- <SYSTEM32>\server.exe
- C:\Server.exe
- 'in##.wowip.kr':8000
- DNS ASK in##.wowip.kr
- ClassName: 'Shell_TrayWnd' WindowName: ''