Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\Y4q15] 'ImagePath' = '%WINDIR%\SysWOW64\Y4q15.sys'
- [<HKLM>\System\CurrentControlSet\Services\ki337kL5B] 'ImagePath' = '%WINDIR%\SysWOW64\ki337kL5B.sys'
- 'Y4q15' %WINDIR%\SysWOW64\Y4q15.sys
- 'ki337kL5B' %WINDIR%\SysWOW64\ki337kL5B.sys
- %WINDIR%\syswow64\cmd.exe
- %WINDIR%\syswow64\y4q15.sys
- %WINDIR%\syswow64\6i69u6xm6.exe
- %WINDIR%\syswow64\ki337kl5b.sys
- %WINDIR%\syswow64\6i69u6xm6.exe
- %WINDIR%\syswow64\ki337kl5b.sys
- %WINDIR%\syswow64\y4q15.sys
- '%WINDIR%\syswow64\6i69u6xm6.exe' ki337kL5B.sys Y4q15.sys
- '%WINDIR%\syswow64\6i69u6xm6.exe' ki337kL5B.sys Y4q15.sys (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe'