Техническая информация
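Изменения в реестре: все перечисленные ниже ключи (Run, Policies\Explorer\Run, Active Setup\Installed Components) являются точками автозапуска и указывают на один и тот же файл svchost.exe, расположенный не в System32/SysWOW64; имена параметров имитируют названия компонентов Windows.
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Windows CardSpace' = '%WINDIR%\L21Schemas\L2Scheemas\svchost.exe'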
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Windows CardSpace' = '%WINDIR%\L21Schemas\L2Scheemas\svchost.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Firewall do windows' = '%WINDIR%\L21Schemas\L2Scheemas\svchost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Backup do windows' = '%WINDIR%\L21Schemas\L2Scheemas\svchost.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5FMD7F7O-DQ72-J27H-17NL-N01EXT4SU0L6}] 'StubPath' = '%WINDIR%\L21Schemas\L2Scheemas\svchost.exe Restart'
- [<HKLM>\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5FMD7F7O-DQ72-J27H-17NL-N01EXT4SU0L6}] 'StubPath' = '%WINDIR%\L21Schemas\L2Scheemas\svchost.exe'
- %WINDIR%\syswow64\explorer.exe
- svchost.exe
- %WINDIR%\l21schemas\l2scheemas\svchost.exe
- %TEMP%\xx--xx--xx.txt
- %APPDATA%\logs.dat
- %TEMP%\xxx.xxx
- %TEMP%\uuu.uuu
- %WINDIR%\l21schemas\l2scheemas\svchost.exe
- %APPDATA%\logs.dat
- %TEMP%\xx--xx--xx.txt
- %TEMP%\uuu.uuu
- %TEMP%\xxx.xxx
- %TEMP%\uuu.uuu
- %TEMP%\xxx.xxx
- DNS ASK 34####50.ddns.net (часть имени узла в источнике скрыта символами #; ddns.net — домен службы динамического DNS)
- '%WINDIR%\l21schemas\l2scheemas\svchost.exe'
- '%WINDIR%\syswow64\explorer.exe'