Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\abc2.0] 'ImagePath' = '%TEMP%\~abc8HKS3.sys'
- [<HKLM>\System\CurrentControlSet\Services\abc2.0] 'ImagePath' = '%TEMP%\~abcLkGxK.sys'
- [<HKLM>\System\CurrentControlSet\Services\abc2.0] 'ImagePath' = '%TEMP%\~abcf5klp.sys'
- [<HKLM>\System\CurrentControlSet\Services\abc2.0] 'ImagePath' = '%TEMP%\~abcTgz1A.sys'
- %TEMP%\~abc8HKS3.sys
- %WINDIR%\temp\udd1119.tmp
- %TEMP%\~abcLkGxK.sys
- %TEMP%\top0j30gi449wb.exe
- %TEMP%\~abcf5klp.sys
- %TEMP%\~abcTgz1A.sys
- %WINDIR%\syswow64\0306e4.dll
- %TEMP%\~abc8HKS3.sys
- %TEMP%\~abcLkGxK.sys
- %TEMP%\~abcf5klp.sys
- %TEMP%\~abcTgz1A.sys
- %WINDIR%\temp\udd1119.tmp
- %TEMP%\~abc8HKS3.sys
- %TEMP%\~abcLkGxK.sys
- %TEMP%\~abcf5klp.sys
- %TEMP%\~abcTgz1A.sys
- %TEMP%\top0j30gi449wb.exe
- 'cs.###ove123.com':80
- http://sp.###ove123.com/NIP.dat
- http://sp.###ove123.com/yzxy.txt
- http://cs.###ove123.com/mtmd.php
- DNS ASK sp.###ove123.com
- DNS ASK cs.###ove123.com
- ClassName: '' WindowName: 'TPHelper.exe'
- '%TEMP%\top0j30gi449wb.exe'
- '%WINDIR%\syswow64\cmd.exe' /c start %TEMP%\ToP0j30gi449WB.exe' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c start %TEMP%\ToP0j30gi449WB.exe