Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MS Shell Services' = 'C:\Win32\svchost.exe -m'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunServices] 'MS Shell Services' = 'C:\Win32\svchost.exe -m'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Winscript' = 'C:\Win32\Win32.vbs'
- C:\Win32\svchost.exe
- %WINDIR%\msagent\agentsvr.exe -Embedding
- <SYSTEM32>\wscript.exe "C:\Win32\Win32.vbs"
- <SYSTEM32>\wscript.exe "C:\Win32\Start.vbs"
- Библиотека-обработчик для всех процессов: C:\Win32\hooks.dll
- C:\Win32\svchost.$$A
- C:\Win32\Win32.$$A
- C:\Win32\hooks.$$A
- C:\Win32\Start.$$A
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'Control panel [--]'
- ClassName: 'InstItClass' WindowName: ''
- ClassName: 'Indicator' WindowName: ''