Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\hyf55] 'ImagePath' = '%TEMP%\3lD9Kom.sys'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\David] 'ImagePath' = '%WINDIR%\David.sys'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\YouShou] 'ImagePath' = '%WINDIR%\YouShou.sys'
- 'hyf55' %TEMP%\3lD9Kom.sys
- 'David' %WINDIR%\David.sys
- 'YouShou' %WINDIR%\YouShou.sys
- %TEMP%\3ld9kom.sys
- %WINDIR%\david.sys
- %WINDIR%\youshou.sys
- %WINDIR%\temp\udd6ac3.tmp
- %WINDIR%\temp\udd6b61.tmp
- %WINDIR%\temp\udd736e.tmp
- %WINDIR%\temp\udd7b4d.tmp
- %WINDIR%\temp\udd832b.tmp
- %WINDIR%\temp\udd8b0a.tmp
- %WINDIR%\temp\udd92e8.tmp
- %TEMP%\3ld9kom.sys
- %TEMP%\3ld9kom.sys
- %WINDIR%\temp\udd6ac3.tmp
- %WINDIR%\temp\udd6b61.tmp
- %WINDIR%\temp\udd736e.tmp
- %WINDIR%\temp\udd7b4d.tmp
- %WINDIR%\temp\udd832b.tmp
- %WINDIR%\temp\udd8b0a.tmp
- %WINDIR%\temp\udd92e8.tmp
- <Полный путь к файлу>
- из <Полный путь к файлу> в %TEMP%\[13b5302bf95a1a7a9595443a5a21b780]