Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Windows Operation System' = '%WINDIR%\lsass.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\lsass.exe' = '<SYSTEM32>\lsass.exe:*:Enabled:Ftp..'
- <SYSTEM32>\netsh.exe firewall add allowedprogram <SYSTEM32>\Isass.scr smtp..
- <SYSTEM32>\netsh.exe firewall add allowedprogram <SYSTEM32>\lsass.exe Ftp..
- <SYSTEM32>\csrs.txt
- %WINDIR%\lsass.exe
- <SYSTEM32>\csrs.txt
- <Полный путь к вирусу>
- '74.##5.232.51':25
- DNS ASK gs####85.google.com
- ClassName: '' WindowName: 'Internet Banking CAIXA - Microsoft Internet Explorer'
- ClassName: '' WindowName: 'Santander Banespa - Microsoft Internet Explorer'
- ClassName: '' WindowName: 'Banco Ita? - Feito Para Voc? - Microsoft Internet Explorer'
- ClassName: '' WindowName: 'Banco Bradesco S/A - Microsoft Internet Explorer'
- ClassName: '' WindowName: 'Banco Santander - Microsoft Internet Explorer'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'iiexplore'
- ClassName: '' WindowName: 'Equifax - Solu??es para Gest?o de Risco - Microsoft Internet Explorer'
- ClassName: '' WindowName: 'Portal BANCO REAL - ABN AMRO - Microsoft Internet Explorer'