Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe] 'Debugger' = 'TASKMAN.EXE'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe] 'Debugger' = 'TASKMAN.EXE'
- <SYSTEM32>\wcsnet.tmp
- C:\RELYCER\system
- <SYSTEM32>\net1.exe stop "Windows Firewall/Internet Connection Sharing (ICS)"
- <SYSTEM32>\net1.exe stop "Security Center"
- <SYSTEM32>\taskkill.exe /im egui.exe /f
- <SYSTEM32>\cmd.exe /c ""%TEMP%\fsg.bat" "
- <SYSTEM32>\net1.exe stop System Restore Service
- <SYSTEM32>\net.exe stop "Windows Firewall/Internet Connection Sharing (ICS)"
- <SYSTEM32>\net.exe stop "Security Center"
- <SYSTEM32>\net.exe stop System Restore Service
- <SYSTEM32>\taskkill.exe /im ekrn.exe /f
- <SYSTEM32>\sc.exe config ekrn start = disabled
- MCAGENT.EXE
- AVP.EXE
- 360tray.exe
- ekrn.exe
- %TEMP%\fsg.bat
- <DRIVERS>\13593.14613
- <DRIVERS>\pcidump.txt
- C:\RELYCER\system
- <SYSTEM32>\wcsnet.tmp
- %TEMP%\fsg.bat
- C:\RELYCER\system
- из <Полный путь к вирусу> в C:\wmiprvse.exe
- ClassName: '' WindowName: ''