Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\abc2.0] 'ImagePath' = '%TEMP%\~abcMQ6HY.sys'
- [<HKLM>\System\CurrentControlSet\Services\abc2.0] 'ImagePath' = '%TEMP%\~abckV5Rh.sys'
- [<HKLM>\System\CurrentControlSet\Services\abc2.0] 'ImagePath' = '%TEMP%\~abcyX6Hf.sys'
- [<HKLM>\System\CurrentControlSet\Services\abc2.0] 'ImagePath' = '%TEMP%\~abcQJlIb.sys'
- 'abc2.0' %TEMP%\~abcMQ6HY.sys
- 'abc2.0' %TEMP%\~abckV5Rh.sys
- 'abc2.0' %TEMP%\~abcyX6Hf.sys
- 'abc2.0' %TEMP%\~abcQJlIb.sys
- %TEMP%\~abcMQ6HY.sys
- %WINDIR%\temp\uddcb2a.tmp
- %TEMP%\~abckV5Rh.sys
- %TEMP%\1luiw165vf.exe
- %TEMP%\~abcyX6Hf.sys
- %TEMP%\~abcQJlIb.sys
- %TEMP%\~abcMQ6HY.sys
- %TEMP%\~abckV5Rh.sys
- %TEMP%\~abcyX6Hf.sys
- %TEMP%\~abcQJlIb.sys
- %WINDIR%\temp\uddcb2a.tmp
- %TEMP%\~abcMQ6HY.sys
- %TEMP%\~abckV5Rh.sys
- %TEMP%\~abcyX6Hf.sys
- %TEMP%\~abcQJlIb.sys
- %TEMP%\1luiw165vf.exe
- http://sp.###ove123.com/yzxy.txt (символы ### заменяют скрытую часть доменного имени)
- DNS ASK sp.###ove123.com
- DNS ASK cs.###ove123.com
- ClassName: '' WindowName: 'TPHelper.exe'
- '%TEMP%\1luiw165vf.exe'
- '%WINDIR%\syswow64\cmd.exe' /c start %TEMP%\1LUIw165vF.exe (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c start %TEMP%\1LUIw165vF.exe