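Техническая информация
(Подзаголовки разделов в этой копии не сохранились: ниже подряд идут записи реестра, пути к файлам, командная строка, файл hosts и параметры окон; повторяющиеся пути, по-видимому, относятся к разным разделам исходного отчёта.)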
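Записи реестра (обе ветки — точки автозагрузки: значения в Policies\Explorer\Run запускаются при входе пользователя, а CLSID в ShellExecuteHooks регистрирует COM-объект, загружаемый Explorer):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'wl' = '<SYSTEM32>\svvosts.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'wm' = '<SYSTEM32>\grtosts.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{9A0CFC58-5A6F-41ba-9FFE-4320F4F621BA}' = ''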
- %WINDIR%\system\l.exe
- <SYSTEM32>\svvosts.exe
- <SYSTEM32>\grtosts.exe
- %WINDIR%\system\m.EXE
- %WINDIR%\system\w.exe
- <SYSTEM32>\cmd.exe /c %WINDIR%\system\$$a.bat
- %WINDIR%\system\$$a.bat
- <SYSTEM32>\mywm.dLL
- <SYSTEM32>\mywl.dll
- <SYSTEM32>\svvosts.exe
- <SYSTEM32>\grtosts.exe
- %WINDIR%\system\l.exe
- %WINDIR%\system\m.EXE
- <SYSTEM32>\Cnscheck001.dll
- %WINDIR%\system\w.exe
- %WINDIR%\system\l.exe
- %WINDIR%\system\w.exe
- <DRIVERS>\etc\hosts
- ClassName: 'ElementClient Window' WindowName: 'Element Client'
- ClassName: 'QElementClient Window' WindowName: 'Element Client'
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''