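Техническая информация
Ниже перечислены наблюдаемые признаки: ключ реестра службы, командные строки svchost.exe, пути к файлам, сетевые адреса и параметры окон (ClassName/WindowName). Подзаголовки разделов в этой копии, по-видимому, не сохранились, поэтому повторяющиеся пути к файлам, вероятно, относятся к разным действиям с одними и теми же файлами.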
- [<HKLM>\SYSTEM\ControlSet001\Services\Ghijkl Nopqrstu Wxy] 'Start' = '00000002'
- <SYSTEM32>\svchost.exe -k imgsvc
- <SYSTEM32>\svchost.exe -k netsvcs
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
- ClassName: 'ollydbg' WindowName: ''
- C:\system64.log
- %PROGRAM_FILES%\Lhij\Qhijklmno.bmp
- C:\3226500.dll
- C:\WinWall64.bmp
- %PROGRAM_FILES%\Lhij\Qhijklmno.bmp
- C:\3226500.dll
- C:\WinWall64.bmp
- C:\system64.log
- 'le####52.3322.org':9999
- DNS ASK le####52.3322.org
- '<IP-адрес в локальной сети>':1035
- ClassName: '18467-41' WindowName: ''
- ClassName: 'SoftSnoopMainDialog' WindowName: ''
- ClassName: '' WindowName: 'APIScan'
- ClassName: 'ThunderRT6Form' WindowName: ''
- ClassName: '' WindowName: 'QuickUnpack v2.1'
- ClassName: '' WindowName: 'RL!dePacker - Generic Unpacker'
- ClassName: 'WinDbgFrameClass' WindowName: ''
- ClassName: '' WindowName: 'Syser : Active Hotkey [Ctrl+F12]'
- ClassName: '' WindowName: 'Syser Debugger - Win32 User Mode Debugger'
- ClassName: '' WindowName: 'Raglstry Moniter - Sysexternals: www.sysexternals.com'
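- ClassName: '' WindowName: '????????' (знаки «?», вероятно, заменяют символы не из ASCII, утраченные при перекодировке; исходный заголовок окна по этой строке не восстановить)
- ClassName: '' WindowName: 'Microsoft Spy++ - [???? 1]' (здесь «????», вероятно, также заменяют утраченные символы)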