Technical information
- [<HKLM>\System\CurrentControlSet\Services\5yyz] 'ImagePath' = '%TEMP%\ANTI.sys'
- '5yyz' %TEMP%\ANTI.sys
- %TEMP%\9230.tmp
- %TEMP%\92fc.tmp
- %TEMP%\9399.tmp
- %TEMP%\anti.sys
- <Current directory>\tmp\jltx.dll
- <Current directory>\tmp\jltx_data.dll
- <Current directory>\tmp\jltx.dll
- <Current directory>\tmp\jltx_data.dll
- %TEMP%\9230.tmp
- %TEMP%\92fc.tmp
- %TEMP%\9399.tmp
- %TEMP%\anti.sys
- http://st#####.##gitalcertvalidation.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJrF0xYA49jC3D83fgDGesaUkzIQQUf9OZ86BHDjEAVlYijrfMnt3KAYoCEAnWpa%2FDjmi2DnPT%2BfwhQAo%3D
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://c1.#yyz.com/UserC2
- DNS ASK c1.#yyz.com
- DNS ASK do###oad.iov.me
- DNS ASK st#####.##gitalcertvalidation.com
- DNS ASK microsoft.com