Technical information
- [<HKLM>\SYSTEM\ControlSet001\Control\Lsa] 'Notification Packages' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = 'ruyopaku.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'tibarojume' = 'Rundll32.exe "zikewapo.dll",s'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'LoadAppInit_DLLs' = '00000001'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe] 'Debugger' = '<SYSTEM32>\svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe] 'Debugger' = '<SYSTEM32>\svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe] 'Debugger' = '<SYSTEM32>\svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe] 'Debugger' = '<SYSTEM32>\svchost.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\explorer.exe' = '%WINDIR%\explorer.exe:*:Enabled:Explorer'
- Security Center
- <SYSTEM32>\ruyopaku.dll
- <SYSTEM32>\hatutiza.dll
- <SYSTEM32>\jefugapu
- <SYSTEM32>\zikewapo.dll
- DNS ASK 25.#####################0b418f4d5f1.rma200093.2a21.0.-.261.0.<Service name>.0.402926.antroxxx.com