Technical information
- [<HKLM>\SYSTEM\ControlSet001\Control\Lsa] 'Notification Packages' = 'scecli\n<SYSTEM32>\doriyubi.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'tibarojume' = 'Rundll32.exe "<SYSTEM32>\kagohaku.dll",s'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = '<SYSTEM32>\doriyubi.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'LoadAppInit_DLLs' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\explorer.exe' = '%WINDIR%\explorer.exe:*:Enabled:Explorer'
- System updates (Windows Update)
- Security Center
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e9a37cb-0fc6-419d-8ef1-ea5410bff736}']
- <SYSTEM32>\doriyubi.dll
- <SYSTEM32>\kagohaku.dll
- <SYSTEM32>\jefugapu
- <SYSTEM32>\wohupuda.dll
- DNS ASK 15.#####################30c215b1d78.nka100009.lg20.0.-.261.0.AngarCl.0.200007.uroledup.com