Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\ulzycdtsml.url
- [<HKLM>\System\CurrentControlSet\Services\WinRing0_1_2_0] 'ImagePath' = '%WINDIR%\WinRing0x64.sys'
- 'WinRing0_1_2_0' %WINDIR%\WinRing0x64.sys
- %WINDIR%\notepad.exe
- %ALLUSERSPROFILE%\pnqssbdbsh\cfgi
- %ALLUSERSPROFILE%\pnqssbdbsh\cfg
- %ALLUSERSPROFILE%\pnqssbdbsh\winsysdrv
- %ALLUSERSPROFILE%\pnqssbdbsh\r.vbs
- %ALLUSERSPROFILE%\pnqssbdbsh\r.vbs
- %ALLUSERSPROFILE%\pnqssbdbsh\winsysdrv в %ALLUSERSPROFILE%\pnqssbdbsh\winsysdrv.exe (перемещение/переименование файла: слева исходное имя, справа итоговое)
- %ALLUSERSPROFILE%\pnqssbdbsh\r.vbs
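- 'wo#m.ws':5555 (сетевое соединение, порт 5555; символ «#» здесь и в DNS-запросах ниже, по-видимому, заменяет скрытые в источнике символы, поэтому точное имя домена по этим записям восстановить нельзя)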
- DNS ASK wo##.top
- DNS ASK wo#m.ws
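- '%WINDIR%\notepad.exe' -c "%ALLUSERSPROFILE%\PnQssBdbSh\cfg" (параметр -c с путём к файлу в %ALLUSERSPROFILE% для штатного «Блокнота» не характерен; такая командная строка, как и в последней записи списка, может служить признаком для обнаружения)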
- '%WINDIR%\syswow64\cmd.exe' /C WScript "%ALLUSERSPROFILE%\PnQssBdbSh\r.vbs"
- '%WINDIR%\syswow64\wscript.exe' "%ALLUSERSPROFILE%\PnQssBdbSh\r.vbs"
- '%WINDIR%\notepad.exe' -c "%ALLUSERSPROFILE%\PnQssBdbSh\cfgi"