Техническая информация
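- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] ' ' = '<SYSTEM32>\cmd.exe /C del /Q <SYSTEM32>\rdssrv.exe <SYSTEM32>\rdshost.dll <SYSTEM32>\hdfkt.dll' (запись RunOnce выполняется однократно при следующем входе в систему и затем удаляется из реестра; команда без запроса подтверждения удаляет три перечисленных файла из <SYSTEM32>, поэтому после перезагрузки их может уже не быть на диске)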
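- [<HKLM>\SYSTEM\ControlSet002\Services\pkyzzypmamv.sys] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\pkyzzypmamv.sys] 'Start' = '00000002' (значение 'Start' = 2 соответствует автоматическому запуску службы при загрузке системы; имя службы совпадает с именем файла драйвера <DRIVERS>\pkyzzypmamv.sys)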
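- <SYSTEM32>\netsh.exe firewall set allowedprogram "services.exe" enable (команда добавляет «services.exe» в список разрешённых программ брандмауэра Windows, то есть создаёт для него исключение)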
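- ClassName: '____AVP.Root' WindowName: '' (параметры окна: задан только класс, заголовок пуст; класс '____AVP.Root', по-видимому, принадлежит антивирусному продукту — следует проверить)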
- <DRIVERS>\pkyzzypmamv.sys
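- 'up####-product.net':80 (соединение по TCP-порту 80; символы «####», по-видимому, скрывают часть имени домена)
- up####-product.net/track.cgi (по-видимому, HTTP-запрос к этому ресурсу)
- DNS ASK up####-product.net (DNS-запрос на разрешение этого имени)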