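Техническая информация
Подзаголовки разделов в этой копии отчёта отсутствуют. Ниже идут три группы данных: записи реестра службы, пути файлов во временном каталоге и командные строки запускаемых процессов. Часть путей повторяется; по-видимому, в исходном отчёте они относились к разным подразделам (например, к создаваемым и удаляемым файлам).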
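Записи реестра службы (значение 'Start' = 1 соответствует запуску на этапе инициализации системы; судя по расширению .sys, это, вероятно, драйвер):
- [<HKLM>\SYSTEM\ControlSet001\Services\MjNlZj] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\MjNlZj] 'ImagePath' = '<SYSTEM32>\MjNlZj.sys'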
- %TEMP%\Play1.dat
- %TEMP%\nsx2.tmp\nsSCM.dll
- %TEMP%\nsx2.tmp\ns5.tmp
- %TEMP%\nsx2.tmp\ns4.tmp
- %TEMP%\nsx2.tmp\Base64.dll
- %TEMP%\Play32.dat
- %TEMP%\nsx2.tmp\System.dll
- %TEMP%\nsx2.tmp\ns3.tmp
- %TEMP%\nsx2.tmp\NsExec.dll
- %TEMP%\~34t5g.ini
- %TEMP%\Play14.dat
- %TEMP%\Play6.dat
- %TEMP%\Play5.dat
- %TEMP%\Play4.dat
- %TEMP%\Play3.dat
- %TEMP%\Play2.dat
- %TEMP%\nsx2.tmp\ns6.tmp
- %TEMP%\nsx2.tmp\ns7.tmp
- %TEMP%\nsx2.tmp\ns3.tmp
- %TEMP%\~34t5g.ini
- %TEMP%\nsx2.tmp\ns4.tmp
- %TEMP%\nsx2.tmp\ns5.tmp
- %TEMP%\nsx2.tmp\ns6.tmp
- %TEMP%\~34t5g.ini
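Запускаемые процессы (в одинарных кавычках — исполняемый файл, далее — его командная строка). Судя по этим строкам, regini.exe вызывается с файлом ~34t5g.ini, а 7z.exe работает с архивами Play32.dat и Play14.dat, защищёнными паролем. Файл UfdsvtIopuy.sys внутри Play32.dat переименовывается в MjNlZj.sys, после чего архив распаковывается в <SYSTEM32>; это имя совпадает со значением ImagePath службы:
- '%TEMP%\nsx2.tmp\ns3.tmp' "<SYSTEM32>\regini.exe" %TEMP%\~34t5g.ini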
- '%TEMP%\nsx2.tmp\ns4.tmp' "%TEMP%\7z.exe" rn -paabbccdd "%TEMP%\Play32.dat" "UfdsvtIopuy.sys" "MjNlZj.sys"
- '%TEMP%\nsx2.tmp\ns5.tmp' "%TEMP%\7z.exe" x -paabbccdd "%TEMP%\Play32.dat" -o"<SYSTEM32>\"
- '%TEMP%\nsx2.tmp\ns6.tmp' "%TEMP%\7z.exe" x -aoa -paabbccdd "%TEMP%\Play14.dat" -o"%HOMEPATH%\Local Settings\Temp"
- '%TEMP%\nsx2.tmp\ns7.tmp' "<SYSTEM32>\regini.exe" %TEMP%\~34t5g.ini
- '<SYSTEM32>\regini.exe' %TEMP%\~34t5g.ini