Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Lace514] 'ImagePath' = '<DRIVERS>\Lace_tdi_x86.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\Lace514] 'Start' = '00000001'
- '%TEMP%\nst3.tmp\ns6.tmp' sc create Lace514 binpath= <DRIVERS>\Lace_tdi_x86.sys DisplayName= Lace514 type= kernel start= system group= PNP_TDI
- '%TEMP%\nst3.tmp\ns5.tmp' net stop Lace514
- '%TEMP%\nst3.tmp\ns4.tmp' sc stop OtherSearch
- '<SYSTEM32>\net1.exe' stop Lace514
- '<SYSTEM32>\sc.exe' create Lace514 binpath= <DRIVERS>\Lace_tdi_x86.sys DisplayName= Lace514 type= kernel start= system group= PNP_TDI
- '<SYSTEM32>\sc.exe' stop OtherSearch
- '<SYSTEM32>\net.exe' stop Lace514
- iexplore.exe
- opera.exe
- firefox.exe
- chrome.exe
- %TEMP%\updengine.exe
- %ProgramFiles%\OtherSearch\updengine.exe
- %ProgramFiles%\OtherSearch\uninstall.exe
- %ProgramFiles%\OtherSearch\slite.exe
- <DRIVERS>\Lace_tdi_x86.sys
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\ec702f375e1b12d218f67ab9ef19ca23_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Protect\CREDHIST
- %ProgramFiles%\OtherSearch\OtherSearch.exe
- %TEMP%\nsd2.tmp
- %TEMP%\nst3.tmp\ns5.tmp
- %TEMP%\nst3.tmp\ns4.tmp