Техническая информация
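Изменения в системном реестре (параметр 'Debugger' в ключах Image File Execution Options: при запуске указанной программы Windows вместо неё запускает файл, заданный в этом параметре; здесь это C:\RECYCLER\lsass.exe — файл с именем системного процесса, но расположенный вне <SYSTEM32>):
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nod32.exe] 'Debugger' = 'C:\RECYCLER\lsass.exe'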
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Regedit.exe] 'Debugger' = 'C:\RECYCLER\lsass.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe] 'Debugger' = 'C:\RECYCLER\lsass.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msnmsgr.exe] 'Debugger' = 'C:\RECYCLER\lsass.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msnmsgs.exe] 'Debugger' = 'C:\RECYCLER\lsass.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nod32krn.exe] 'Debugger' = 'C:\RECYCLER\lsass.exe'
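- скрытых файлов (заголовок этого пункта утрачен при извлечении текста; по-видимому, речь идёт о блокировке отображения скрытых файлов)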
- <SYSTEM32>\ntvdm.exe -f -i1
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs2.tmp
- %TEMP%\DeathTime.Die
- C:\RECYCLER\lsass.exe
- C:\My Girls\FolderData.exe
- C:\RECYCLER\lsass.exe
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-ad8.adc.390001'