Техническая информация
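- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'AMD Driver' = '%LOCALAPPDATA%\AMD Drivers\amd_driver.exe' (ключ автозапуска Run, 32-разрядное представление реестра)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'AMD Driver' = '%LOCALAPPDATA%\AMD Drivers\amd_driver.exe' (ключ автозапуска Run текущего пользователя; оба параметра указывают на один и тот же файл в профиле пользователя)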
- [<HKLM>\System\CurrentControlSet\Services\IKEEXT] 'Start' = '00000002' (тип запуска службы IKEEXT: значение 2 — «Автоматически»)
- %LOCALAPPDATA%\amd drivers\amd_driver.exe
- unc\ymxkld\users\winadmin-setup.exe
- 'pa###6.2x4.ru':80
- http://www.wh###smyip.com/automation/n09230945.asp
- http://ip###odb.com/ip_query.php
- DNS ASK wh###smyip.com
- DNS ASK ip###odb.com
- DNS ASK pa###6.2x4.ru
- '%LOCALAPPDATA%\amd drivers\amd_driver.exe'
- '%WINDIR%\syswow64\netsh.exe' Advfirewall set Currentprofile State off (отключает брандмауэр Windows для текущего сетевого профиля)