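Техническая информация
Ниже перечислены наблюдавшиеся признаки активности образца: параметры реестра службы uwxmrp (служба создаётся с типом kernel, то есть как драйвер; значение 'Start' = 2 соответствует автоматическому запуску), команды sc.exe для создания, запуска и остановки служб, пути к связанным с образцом файлам, а также сетевые узлы, HTTP- и DNS-запросы. Символы «#» в именах узлов и URL, по-видимому, заменяют скрытые в отчёте знаки.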
- [<HKLM>\SYSTEM\ControlSet001\Services\uwxmrp] 'ImagePath' = '%ALLUSERSPROFILE%\Application Data\VDCZUFO\uwxmrp.bin'
- [<HKLM>\SYSTEM\ControlSet001\Services\uwxmrp] 'Start' = '00000002'
- '<SYSTEM32>\sc.exe' start uwxmrp
- '<SYSTEM32>\sc.exe' stop uwxmrp
- '<SYSTEM32>\sc.exe' stop null
- '<SYSTEM32>\cmd.exe' /C sc.exe create uwxmrp type= kernel binpath= "%ALLUSERSPROFILE%\Application Data\VDCZUFO\uwxmrp.bin" start= auto
- '<SYSTEM32>\sc.exe' create uwxmrp type= kernel binpath= "%ALLUSERSPROFILE%\Application Data\VDCZUFO\uwxmrp.bin" start= auto
- %ALLUSERSPROFILE%\Application Data\VDCZUFO\uwxmrp.bin
- <SYSTEM32>\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6YQRA29M\pab[1].php
- %ALLUSERSPROFILE%\Application Data\VDCZUFO\iwo7242.tlb
- %TEMP%\1.tmp
- 'up##.21civ.com':80
- 'rp##.21civ.com':80
- http://up##.21civ.com/pab.php?b=######################################
- http://rp##.21civ.com/wb.php?o=############################################
- http://rp##.21civ.com/az.php?st######################################################
- DNS ASK up##.21civ.com
- DNS ASK rp##.21civ.com