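Техническая информация
Примечание: перечисленные ниже записи автозапуска и файлы носят имена системных процессов Windows или похожие на них (csrss.exe, svchost.exe, rundll32.exe, rundll3.exe), но прописаны в пользовательском ключе Run (HKCU) и частично расположены в %APPDATA%, что нетипично для настоящих системных компонентов. Символы «#» в сетевых адресах, по-видимому, заменяют скрытые знаки, то есть адреса приведены не полностью.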
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Client Server Runtime Process' = '<SYSTEM32>\csrss.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Host-process Windows (Rundll32.exe)' = '%APPDATA%\rundll32.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Service Host Process for Windows' = '%APPDATA%\svchost.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Host-process Windows (Rundll32.exe)' = '%WINDIR%\SysWOW64\csrss.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Host-process Windows (Rundll3.exe)' = '<SYSTEM32>\rundll3.exe'
- %WINDIR%\syswow64\csrss.exe
- %APPDATA%\rundll32.exe
- %APPDATA%\svchost.exe
- %WINDIR%\syswow64\rundll3.exe
- %WINDIR%\syswow64\csrss.exe
- %APPDATA%\rundll32.exe
- %APPDATA%\svchost.exe
- %WINDIR%\syswow64\rundll3.exe
- 'sm##.gmail.com':25
- '10#.#7.14.33':25
- '5.##.217.132':9631
- '14#.0.77.51':9631
- '91.##8.113.202':9631
- '19#.#06.30.226':9631
- '14#.0.73.13':9631
- '10#.47.1.33':25
- '5.##.217.133':9631
- '5.##.218.8':9631
- '5.##.217.131':9631
- '5.##.217.132':9997
- '5.##.218.10':9631
- '14#.#.74.131':9631
- '91.##8.246.193':9029
- '91.##8.246.179':9631
- '10#.47.0.33':25
- DNS ASK sm##.gmail.com
- '%WINDIR%\syswow64\csrss.exe'
- '%APPDATA%\rundll32.exe'
- '%APPDATA%\svchost.exe'
- '%WINDIR%\syswow64\rundll3.exe'
- '%WINDIR%\syswow64\csrss.exe' (со скрытым окном)
- '%APPDATA%\rundll32.exe' (со скрытым окном)
- '%APPDATA%\svchost.exe' (со скрытым окном)
- '%WINDIR%\syswow64\rundll3.exe' (со скрытым окном)