Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Adobe' = '%APPDATA%\lsass.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Services' = '%APPDATA%\Services.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Mozilla' = '%APPDATA%\lsass.exe'
- [<HKCU>\Software\Microsoft\Active Setup\Installed Components\{ZCVR39OL-V4OV-KR3K-RVGP-JV1TYPOUHZIE}] 'StubPath' = '%APPDATA%\lsass.exe'
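- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{ZCVR39OL-V4OV-KR3K-RVGP-JV1TYPOUHZIE}] 'StubPath' = '%APPDATA%\lsass.exe'
  (Примечание: перечисленные выше параметры Run и StubPath в Active Setup обеспечивают автозапуск при входе пользователя в систему. Легитимный lsass.exe находится в <SYSTEM32>, поэтому одноимённый файл в %APPDATA% — признак маскировки под системный процесс.)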
- %APPDATA%\Services.exe [NEW]
- <SYSTEM32>\cmd.exe /c """%TEMP%\FNl.bat"" "
- %APPDATA%\lsass.exe
- %APPDATA%\Services.exe
- %TEMP%\FNl.bat
- %APPDATA%\lsass.exe
- %APPDATA%\Services.exe
- <SYSTEM32>\ctfmon.exe
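- '33##.##amfallen.info':6667
- DNS ASK 33##.##amfallen.info
  (Примечание: порт 6667 традиционно используется протоколом IRC; символы «#» в имени узла — по-видимому, маскировка части домена в источнике, а не часть реального имени.)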
- ClassName: 'Indicator' WindowName: ''