Technical Information
- [<HKLM>\System\CurrentControlSet\Services\09ac0] 'ImagePath' = '%WINDIR%\09ac0.sys'
- '09ac0' %WINDIR%\09ac0.sys
- <Current directory>\ГЁВє1156780537.dll
- %WINDIR%\09ac0.sys
- %WINDIR%\09ac0.sys
- from %WINDIR%\09ac0.sys to %TEMP%\1093223\....\temporaryfile
- http://dr####.voouer.com/index.php/admin/check/Login/code/111111111/machine/0994d7785747891f8a1c6af5dfc23ac0
- DNS ASK dr####.voouer.com