Техническая информация
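- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe] 'Debugger' = 'services.exe' (параметр Debugger в Image File Execution Options: при запуске egui.exe система вместо него запускает services.exe, то есть egui.exe фактически не стартует)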
- <SYSTEM32>\wcsnet.tmp
- %TEMP%\~18387.exe
- C:\RELTEMP\system
- %TEMP%\QvodsetupPlus09.exe
- %TEMP%\360sf.exe
- <SYSTEM32>\cmd.exe /c ""%TEMP%\fsg.bat" "
- <SYSTEM32>\taskkill.exe /f /im egui.exe
- <SYSTEM32>\taskkill.exe /f /im ekrn.exe
- MCAGENT.EXE
- AVP.EXE
- 360tray.exe
- ekrn.exe
- Перехват системной функции NtCreateSection; драйвер-обработчик: PCIDump.SYS
- %TEMP%\49796.50820
- <DRIVERS>\46578.47598
- %TEMP%\~18387.ex
- <SYSTEM32>\KO3pF.exe
- %TEMP%\~18387.exe
- %TEMP%\fsg.bat
- %TEMP%\360sf.exe
- %TEMP%\QvodsetupPlus09.exe
- C:\RELTEMP\system
- <DRIVERS>\pcidump.txt
- <SYSTEM32>\wcsnet.tmp
- C:\wmiprvse.exe
- %TEMP%\~18387.ex
- <DRIVERS>\pcidump.sys
- C:\RELTEMP\system
- %TEMP%\fsg.bat
- из <DRIVERS>\pcidump.txt в <DRIVERS>\pcidump.sys
- из %TEMP%\360sf.exe в C:\wmiprvse.exe
- 'to.#v1l.com':81
- 'localhost':1036
- DNS ASK to.#v1l.com
- ClassName: 'ConsoleWindowClass' WindowName: ''
- ClassName: '' WindowName: ''