Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Services' = '%HOMEPATH%\svchost.exe'
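- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe, %WINDIR%\media\audiohd.exe' (штатное значение параметра — 'explorer.exe'; путь, дописанный через запятую, запускается при входе пользователя в систему, поэтому при проверке сравнивайте значение со штатным)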
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Services' = '%HOMEPATH%\svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'Windows Services' = '%HOMEPATH%\svchost.exe'
- %WINDIR%\Media\audiohd.exe
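- %HOMEPATH%\svchost.exe (штатный svchost.exe расположен в <SYSTEM32>; одноимённый файл в профиле пользователя — признак маскировки под системный процесс)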
- %HOMEPATH%\check.new
- %WINDIR%\Media\audiohd.exe
- %HOMEPATH%\svchost.exe
- %HOMEPATH%\check.new
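- 'ir#.#izon.net':6667 (6667 — общепринятый порт IRC; символы '#' в именах узлов, по-видимому, замаскированы в исходном описании)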
- 'ir#.dal.net':6667
- DNS ASK ir#.#izon.net
- DNS ASK ir#.dal.net
- '<IP-адрес в локальной сети>':1033
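- ClassName: '' WindowName: 'Registry Editor' (здесь и ниже — заголовки окон средств администрирования и анализа системы; по-видимому, программа ищет эти окна)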
- ClassName: '' WindowName: 'Process Explorer - Sysinternals: www.sysinternals.com [USER-4BB09A9C02\%USERNAME%]'
- ClassName: '' WindowName: 'GMER 1.0.15.15570'
- ClassName: '' WindowName: 'Windows Task Manager'
- ClassName: '' WindowName: '<SYSTEM32>\cmd.exe'