Техническая информация
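Записи реестра для служб драйверов (значение 'Start' = 2 соответствует автоматическому запуску при старте системы):
- [<HKLM>\System\CurrentControlSet\Services\TeSafe] 'Start' = '00000002'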
- [<HKLM>\System\CurrentControlSet\Services\TeSafe] 'ImagePath' = '<DRIVERS>\TeSafe.sys'
- [<HKLM>\System\CurrentControlSet\Services\SvkProtects] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\SvkProtects] 'ImagePath' = '<DRIVERS>\SvkProtects.sys'
- 'TeSafe' <DRIVERS>\TeSafe.sys
- 'SvkProtects' <DRIVERS>\SvkProtects.sys
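Имена классов окон, относящиеся к инструментам анализа (OllyDbg, DeDe, IDA); вероятно, используются для обнаружения этих инструментов:
- ClassName: 'ollydbg', WindowName: ''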
- ClassName: 'TDeDeMainForm', WindowName: ''
- ClassName: 'TIdaWindow', WindowName: ''
- C:\tesafe.sys
- <DRIVERS>\tesafe.sys
- C:\svkprotects.sys
- <DRIVERS>\svkprotects.sys
- %WINDIR%\temp\uddef1f.tmp
- %WINDIR%\temp\uddef4e.tmp
- C:\tesafe.sys
- C:\svkprotects.sys
- %WINDIR%\temp\uddef1f.tmp
- %WINDIR%\temp\uddef4e.tmp
- '11#.#47.114.171':5100
- 'sh###undlq.com':80
- http://www.sh####ndlq.com:80/sys/sysversion.txt via sh###undlq.com
- http://www.sh####ndlq.com:80/sys/prcroc.dll via sh###undlq.com
- http://www.sh####ndlq.com:80/sys/TeSafe64.sys via sh###undlq.com
- DNS ASK sh###undlq.com
- ClassName: 'TrayNotifyWnd' WindowName: ''
- ClassName: 'SysPager' WindowName: ''
- ClassName: 'ToolbarWindow32' WindowName: ''
- ClassName: 'icu_dbg' WindowName: ''
- ClassName: 'pe--diy' WindowName: ''
- ClassName: 'fanfan' WindowName: ''
- ClassName: 'ICEODBG' WindowName: ''
- ClassName: 'WinDbgFrameClass' WindowName: ''
- ClassName: 'Immunity Debugge' WindowName: ''