Техническая информация
- [<HKLM>\SYSTEM\ControlSet003\Services\tjngpw] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\yjngpwyj] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\tjngpw] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet002\Services\tjngpw] 'Start' = '00000002'
- <SYSTEM32>\svchost.exe -k tjngpw
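- <SYSTEM32>\notepad.exe "%TEMP%\К№УГЛµГч(±Шїґ).txt" (имя файла — байты GBK, отображённые в кодировке Windows-1251; в китайской локали оно читается как «使用说明(必看).txt»)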
- NtDeviceIoControlFile, драйвер-обработчик: xlwfse.sys
- <SYSTEM32>\xlwfse.dll
- <DRIVERS>\xlwfse.sys
- <SYSTEM32>\0004c83a.001
- %TEMP%\К№УГЛµГч(±Шїґ).txt
- %TEMP%\VIP.exe
- %TEMP%\VIP.exe
- 'uf####svip.8866.org':5555
- DNS ASK uf####svip.8866.org
- ClassName: 'Shell_TrayWnd' WindowName: ''