Техническая информация
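- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'RtlDriver64' = '%APPDATA%\RtlDriver64.exe' (запись в ключе автозапуска Run текущего пользователя: указанный файл запускается при каждом входе этого пользователя в систему)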
- %APPDATA%\RtlDriver64.exe
- %TEMP%\nsa4.tmp\craniometers.dll
- %TEMP%\craniometers.n
- %TEMP%\nsz2.tmp\craniometers.dll
- %APPDATA%\RtlDriver64.exe
- %TEMP%\nsa4.tmp\craniometers.dll
- %APPDATA%\RtlDriver64.exe
- %TEMP%\nsz2.tmp\craniometers.dll
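- 'sr##ads.com':80 (сетевое подключение к порту 80; символы «#» в имени узла и в параметре запроса ниже, по-видимому, заменяют скрытые знаки, поэтому для поиска и блокировки полное имя нужно брать из собственных журналов DNS или прокси)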
- sr##ads.com/r?i=############################
- DNS ASK sr##ads.com
- ClassName: 'Indicator' WindowName: ''