Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\abc2.0] 'ImagePath' = '%TEMP%\~abcQ3kzP.sys'
- [<HKLM>\System\CurrentControlSet\Services\abc2.0] 'ImagePath' = '%TEMP%\~abcQnUHp.sys'
- [<HKLM>\System\CurrentControlSet\Services\abc2.0] 'ImagePath' = '%TEMP%\~abcsdaCE.sys'
- [<HKLM>\System\CurrentControlSet\Services\abc2.0] 'ImagePath' = '%TEMP%\~abcTEKiM.sys'
- 'abc2.0' %TEMP%\~abcQ3kzP.sys
- 'abc2.0' %TEMP%\~abcQnUHp.sys
- 'abc2.0' %TEMP%\~abcsdaCE.sys
- 'abc2.0' %TEMP%\~abcTEKiM.sys
- %TEMP%\~abcQ3kzP.sys
- %WINDIR%\temp\udd3d7c.tmp
- %TEMP%\~abcQnUHp.sys
- %TEMP%\zj61eqlo.exe
- %TEMP%\~abcsdaCE.sys
- %TEMP%\~abcTEKiM.sys
- %WINDIR%\syswow64\0406f1.dll
- %TEMP%\~abcQ3kzP.sys
- %TEMP%\~abcQnUHp.sys
- %TEMP%\~abcsdaCE.sys
- %TEMP%\~abcTEKiM.sys
- %WINDIR%\temp\udd3d7c.tmp
- %TEMP%\~abcQ3kzP.sys
- %TEMP%\~abcQnUHp.sys
- %TEMP%\~abcsdaCE.sys
- %TEMP%\~abcTEKiM.sys
- %TEMP%\zj61eqlo.exe
- '11#.#24.100.244':80
- http://sp.###ove123.com/yzxy.txt
- http://cs.###ove123.com/mtmd-v5.php
- DNS ASK sp.###ove123.com
- DNS ASK cs.###ove123.com
- ClassName: '' WindowName: 'TPHelper.exe'
- '%TEMP%\zj61eqlo.exe'
- '%WINDIR%\syswow64\cmd.exe' /c start %TEMP%\ZJ61EqlO.exe (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c start %TEMP%\ZJ61EqlO.exe