Техническая информация
- [<HKLM>\SYSTEM\ControlSet003\Services\xkkdkh] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet003\Services\xkkdkh\ParameteRS] 'ServiceDll' = '<SYSTEM32>\nhkhfw.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\ykkdkhdj] 'ImagePath' = '<SYSTEM32>\nhkhfw.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\ykkdkhdj] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet002\Services\xkkdkh] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\xkkdkh] 'ImagePath' = '<SYSTEM32>\svchost.exe -k xkkdkh'
- [<HKLM>\SYSTEM\ControlSet001\Services\xkkdkh] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet002\Services\xkkdkh\ParameteRS] 'ServiceDll' = '<SYSTEM32>\nhkhfw.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\xkkdkh\ParameteRS] 'ServiceDll' = '<SYSTEM32>\nhkhfw.dll'
- <DRIVERS>\beep.sys
- <DRIVERS>\beep.sys
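- '%TEMP%\НкГАНв№Т.exe' (имя файла искажено при перекодировке: байты GBK показаны как CP1251; исходное имя, вероятно, «完美外挂.exe» — при поиске по имени файла стоит проверять оба варианта)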
- '<SYSTEM32>\svchost.exe' -k xkkdkh
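- '<SYSTEM32>\net.exe' stop sharedaccess
- '<SYSTEM32>\net1.exe' stop sharedaccess (обе команды останавливают службу SharedAccess — «Брандмауэр Windows / Общий доступ к подключению Интернета»; net.exe сам запускает net1.exe, поэтому в журналах создания процессов видна пара записей)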
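- 360tray.exe
- AVP.EXE (судя по именам, это процессы защитных продуктов 360 Safe и Kaspersky; что именно образец делает с ними, по этому фрагменту не видно — заголовок раздела не сохранился)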
- NtDeviceIoControlFile, драйвер-обработчик: nhkhfw.sys
- <SYSTEM32>\nhkhfw.sys
- <SYSTEM32>\dllcache\beep.sys.new
- <SYSTEM32>\nhkhfw.dll
- %TEMP%\НкГАНв№Т.exe (имя искажено при перекодировке GBK → CP1251; исходное имя, вероятно, «完美外挂.exe»)
- <SYSTEM32>\ 5575d.001
- 'wq##.vipc.cc':8888
- DNS ASK wq##.vipc.cc