Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SystemFile' = 'winlogon.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{z6B2445-1963-9142-A0DB-DBDB9E15FB9z;] 'StubPath' = 'sys.exe AutoRun'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe svchot.exe'
- [<HKLM>\SYSTEM\ControlSet002\Services\stud] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\stud] 'Start' = '00000002'
- %WINDIR%\pchealth\UploadLB\Config\csrss.exe
- <SYSTEM32>\p
- <SYSTEM32>\p в <SYSTEM32>\svchot.exe
- 'www.no###gar.com':21
- DNS ASK www.no###gar.com
- ClassName: 'Indicator' WindowName: ''