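Техническая информация
Ниже индикаторы приведены без подзаголовков разделов: записи реестра, командные строки процессов, пути к файлам и сетевой адрес. Для путей к файлам действие (создание, удаление или перемещение) на странице не указано.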
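Записи реестра (автозапуск через ключ Run и регистрация службы с образом .sys в каталоге драйверов; значение Start = 2 соответствует автоматическому запуску службы):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'CFmon' = '%HOMEPATH%\kxuqgpqaf.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\yzvhyunb] 'ImagePath' = '<DRIVERS>\yzvhyunb.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\yzvhyunb] 'Start' = '00000002'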
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\6487.bat" "
- <SYSTEM32>\svchost.exe
- %HOMEPATH%\kxuqgpqaf.exe
- %TEMP%\6487.bat
- %HOMEPATH%\ntuser.init
- <DRIVERS>\yzvhyunb.sys
- <SYSTEM32>\ntuser.init
- %HOMEPATH%\ntuser.init
- <SYSTEM32>\ntuser.init
- '78.##9.105.205':8526 (сетевой адрес и порт; часть адреса в источнике заменена символами «##»)