Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\hy5.5] 'ImagePath' = '%TEMP%\usTjRS7.sys' (параметр службы hy5.5; ImagePath указывает на .sys-файл в каталоге %TEMP%)
- NtOpenProcess (судя по записи, функция перехвачена), драйвер-обработчик: usTjRS7.sys — тот же файл, что указан в ImagePath службы hy5.5
- %TEMP%\1.tmp
- %TEMP%\2.tmp
- %TEMP%\3.tmp
- %TEMP%\4.tmp
- %TEMP%\5.tmp
- %TEMP%\6.tmp
- %TEMP%\7.tmp
- %TEMP%\8.tmp
- %TEMP%\9.tmp
- <Текущая директория>\miss.dll
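- <SYSTEM32>\zu-ZA2\іхКј»ЇК§°ЬґтїЄОТ.bat (имя записано в искажённой кодировке: вероятно, это байты GBK, показанные как Windows-1251; в таком случае исходное имя — 初始化失败打开我.bat, и при поиске на диске стоит проверять оба варианта)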
- %TEMP%\usTjRS7.sys
- <Текущая директория>\miss.dll
- %TEMP%\usTjRS7.sys
- %TEMP%\1.tmp
- %TEMP%\2.tmp
- %TEMP%\3.tmp
- %TEMP%\4.tmp
- %TEMP%\5.tmp
- %TEMP%\6.tmp
- %TEMP%\7.tmp
- %TEMP%\8.tmp
- %TEMP%\9.tmp
- %TEMP%\usTjRS7.sys
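- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\\zu-ZA2\іхКј»ЇК§°ЬґтїЄОТ.bat (командная строка приведена как записана; имя .bat-файла, вероятно, в кодировке GBK, показанной как Windows-1251, то есть 初始化失败打开我.bat)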
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /t REG_BINARY /d 4600000000 /f
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /t REG_BINARY /d 4600000000 /f
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
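- '<SYSTEM32>\reg.exe' delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f (вместе с тремя предыдущими вызовами reg.exe: перезаписывает сохранённые параметры подключения, отключает прокси и удаляет адрес прокси-сервера для текущего пользователя)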