Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Ѓ“ђn…”_“”Ѓ”…“ ] 'ImagePath' = '<SYSTEM32>\xkjtks.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Ѓ“ђn…”_“”Ѓ”…“ ] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '<SYSTEM32>\xkjtks.exe'
- 'C:\BNUpdate.exe'
- 'C:\server_protected.exe'
- C:\Far2\lpk.dll
- C:\lpk.dll
- %CommonProgramFiles%\Microsoft Shared\DW\lpk.dll
- %CommonProgramFiles%\Microsoft Shared\Speech\lpk.dll
- %CommonProgramFiles%\Microsoft Shared\MSInfo\lpk.dll
- <Текущая директория>\lpk.dll
- C:\BNUpdate.exe
- C:\server_protected.exe
- <SYSTEM32>\xkjtks.exe
- C:\RCX2.tmp
- <SYSTEM32>\gei33.dll
- %CommonProgramFiles%\Microsoft Shared\DW\lpk.dll
- %CommonProgramFiles%\Microsoft Shared\MSInfo\lpk.dll
- %CommonProgramFiles%\Microsoft Shared\Speech\lpk.dll
- <Текущая директория>\lpk.dll
- C:\lpk.dll
- C:\Far2\lpk.dll
- <SYSTEM32>\gei33.dll
- C:\server_protected.exe в %TEMP%\SOFTWARE.LOG
- <SYSTEM32>\gei33.dll
- 'ym.##uhome.com':668
- 'ye#.#2ddos.com':8818
- 'si####umha.ddns.net':1000
- DNS ASK ym.##uhome.com
- DNS ASK ye#.#2ddos.com
- DNS ASK si####umha.ddns.net
- ClassName: 'Shell_TrayWnd' WindowName: ''