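Техническая информация
Заголовки разделов в этой выдержке не сохранились. По виду записей ниже перечислены: параметры реестра (автозапуск через ключ Run и параметр службы в ключе Services), командные строки запускаемых процессов, пути к файлам и сетевой адрес с портом. Действие над каждым файлом (создание или удаление) здесь не указано. Пути %TEMP%\tmp1.CAB и %TEMP%\tmp2.CAB приведены дважды — вероятно, они относились к разным разделам исходного отчёта.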
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Rsskplm' = 'rundll32.exe <SYSTEM32>\hrlvzl01.dll,Start'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Vmlist' = 'regsvr32 /s apphelps.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\hrlvzl01] 'Start' = '00000000'
- <SYSTEM32>\rundll32.exe <SYSTEM32>\hrlvzl01.dll Start
- <SYSTEM32>\regsvr32.exe /s bstef.dll
- <DRIVERS>\hrlvzl01.sys
- <SYSTEM32>\hrlvzl01.dllmmc.pkm
- %WINDIR%\fn00321.log
- %TEMP%\tmp2.CAB
- %TEMP%\tmp1.CAB
- <SYSTEM32>\bstef.dll
- <SYSTEM32>\hrlvzl01.dll
- %TEMP%\tmp2.CAB
- %TEMP%\tmp1.CAB
- '0.#.0.1':21