Техническая информация
- [HKLM\SYSTEM\CurrentControlSet\Services\Iprip\] 'Start' = '00000002'
- [HKLM\SYSTEM\CurrentControlSet\Services\Iprip\Parameters\] 'ServiceDll' = '<SYSTEM32>\niprp.dll'
- [HKLM\System\CurrentControlSet\Services\Iprip] 'Start' = '00000002'
- [HKLM\System\CurrentControlSet\Services\Iprip] 'ImagePath' = '<SYSTEM32>\svchost.exe -k netsvcs'
- Сервис 'Iprip': <SYSTEM32>\svchost.exe -k netsvcs
- %TEMP%\glc7445.tmp
- %TEMP%\glj76e5.tmp
- %TEMP%\glg7b69.tmp
- %WINDIR%\syswow64\~glh0000.tmp
- %TEMP%\~glh0001.tmp
- %WINDIR%\syswow64\~glh0002.tmp
- C:\recycled\~glh0003.tmp
- %TEMP%\set.exe
- %TEMP%\glg7b69.tmp
- %TEMP%\glj76e5.tmp
- %TEMP%\glc7445.tmp
- %WINDIR%\syswow64\~glh0000.tmp в %WINDIR%\syswow64\pwfsh.dll
- %TEMP%\~glh0001.tmp в %TEMP%\set.exe
- %WINDIR%\syswow64\~glh0002.tmp в %WINDIR%\syswow64\niprp.dll
- C:\recycled\~glh0003.tmp в C:\recycled\ctv.dat
- '%TEMP%\set.exe'
- '%TEMP%\glj76e5.tmp' <SYSTEM32>\pwfsh.dll