Техническая информация
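- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '%APPDATA%\svchost\svchost.exe' (автозапуск при входе пользователя; имя файла имитирует системный svchost.exe, который штатно находится в <SYSTEM32>, а не в %APPDATA%)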
- [<HKLM>\SYSTEM\ControlSet001\Services\Nationalkxl] 'ImagePath' = '<SYSTEM32>\lytrym.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Nationalkxl] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '<SYSTEM32>\lytrym.exe'
- '%TEMP%\FlashPlayer.exe'
- '%TEMP%\Setup.exe'
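- ClassName: 'pediy06' WindowName: ''
- ClassName: 'GBDYLLO' WindowName: ''
- ClassName: 'OLLYDBG' WindowName: '' (OLLYDBG — класс окна отладчика OllyDbg; 'pediy06' и 'GBDYLLO', по-видимому, относятся к его модифицированным сборкам, то есть поиск этих окон служит для обнаружения отладки)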
- <SYSTEM32>\lytrym.exe
- %APPDATA%\svchost\svchost.exe
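- %APPDATA%\Imminent\Logs\25-09-2016 (судя по пути, каталог журналов Imminent Monitor RAT; последний компонент, по-видимому, является датой в формате ДД-ММ-ГГГГ и будет меняться, поэтому при поиске стоит ориентироваться на %APPDATA%\Imminent\Logs\)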
- %TEMP%\Setup.exe
- %TEMP%\FlashPlayer.exe
- %TEMP%\arma3.exe
- %TEMP%\FlashPlayer.exe
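- 'le###n.p-e.kr':9003
- 'kj####em.ddns.net':3353 (символы # в обоих именах, по-видимому, скрывают часть имени узла, поэтому точное сопоставление по домену невозможно; ddns.net — зона динамического DNS, IP-адрес за таким именем может меняться)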
- DNS ASK le###n.p-e.kr
- DNS ASK kj####em.ddns.net
- ClassName: 'MS_WINHELP' WindowName: ''