Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'regsvc' = '\regsvc32.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'regsvc' = '\regsvc32.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\registry\snhost.exe' = '%PROGRAM_FILES%\registry\snhost.exe:*:Enabled:Network Sharing'
- %PROGRAM_FILES%\registry\regsvc32.exe
- Handler library for all processes: %PROGRAM_FILES%\registry\kbrhook.dll
- %PROGRAM_FILES%\registry\regsvc32.ini
- <Current directory>\config.ini
- %PROGRAM_FILES%\registry\syslog.txt
- %PROGRAM_FILES%\registry\scr11142011122829.jpg
- %PROGRAM_FILES%\registry\rec11142011122809325.log
- %PROGRAM_FILES%\registry\snhost.exe
- %PROGRAM_FILES%\registry\ChatHandler.Dll
- %PROGRAM_FILES%\registry\kbrhook.dll
- %PROGRAM_FILES%\registry\unins.exe
- %PROGRAM_FILES%\registry\ijl11.dll
- %PROGRAM_FILES%\registry\regsvc32.exe
- <Current directory>\config.ini
- '67.##5.160.76':80
- 67.##5.160.76/
- DNS ASK www.ya##o.com
- '<IP address on the local network>':1038
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'
- ClassName: 'Indicator' WindowName: ''