Техническая информация
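- Автозапуск (ключ Run текущего пользователя; значение запускается при входе пользователя в систему): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'RtlDriver64' = '%APPDATA%\RtlDriver64.exe'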
- %APPDATA%\RtlDriver64.exe
- %TEMP%\nsq4.tmp\lightbulb.dll
- %APPDATA%\lightbulb.a
- %TEMP%\nsp2.tmp\lightbulb.dll
- %APPDATA%\RtlDriver64.exe
- %TEMP%\nsq4.tmp\lightbulb.dll
- %APPDATA%\RtlDriver64.exe
- %TEMP%\nsp2.tmp\lightbulb.dll
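- 'sr##ads.com':80 (символы «#» здесь и в записях ниже, по-видимому, замаскированы источником; полное значение домена и параметра запроса на странице не приведено, поэтому для точного сопоставления эти строки непригодны)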
- sr##ads.com/r?i=##############################################
- DNS ASK sr##ads.com
- ClassName: 'Indicator' WindowName: ''