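Техническая информация
Подзаголовки разделов в этом тексте не сохранились. Ниже по порядку перечислены: значения реестра, службы (имя и командная строка запуска), пути к файлам, сетевая активность и командные строки процессов. Какое именно действие (создание, удаление, запуск) относится к каждой записи, по самому тексту однозначно установить нельзя.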
- [<HKLM>\System\CurrentControlSet\Services\fastuserswitchingcompatibility] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\fastuserswitchingcompatibility] 'ImagePath' = '<SYSTEM32>\svchost.exe -k netsvcs'
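- [<HKLM>\System\CurrentControlSet\Services\RemoteRegistry] 'Start' = '00000002'
  (значение 'Start' = 2 означает автоматический запуск службы при загрузке системы; это относится к обеим службам, указанным выше — fastuserswitchingcompatibility и RemoteRegistry)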
- 'fastuserswitchingcompatibility' <SYSTEM32>\svchost.exe -k netsvcs
- 'ias' <SYSTEM32>\svchost.exe -k netsvcs
- 'irmon' <SYSTEM32>\svchost.exe -k netsvcs
- 'nla' <SYSTEM32>\svchost.exe -k netsvcs
- 'ntmssvc' <SYSTEM32>\svchost.exe -k netsvcs
- 'nwcworkstation' <SYSTEM32>\svchost.exe -k netsvcs
- 'srservice' <SYSTEM32>\svchost.exe -k netsvcs
- 'wmi' <SYSTEM32>\svchost.exe -k netsvcs
- 'wmdmpmsp' <SYSTEM32>\svchost.exe -k netsvcs
- 'logonhours' <SYSTEM32>\svchost.exe -k netsvcs
- 'pcaudit' <SYSTEM32>\svchost.exe -k netsvcs
- 'helpsvc' <SYSTEM32>\svchost.exe -k netsvcs
- 'uploadmgr' <SYSTEM32>\svchost.exe -k netsvcs
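- 'prduywom' <SYSTEM32>\svchost.exe -k prduywom
  (имена служб в предыдущих строках совпадают с именами штатных служб Windows из группы netsvcs, поэтому само наличие такого имени не является признаком заражения: при проверке следует смотреть, какая библиотека указана в параметре ServiceDll службы. Имя 'prduywom' и одноимённая группа svchost, напротив, к стандартным не относятся и выглядят случайно сгенерированными)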
- C:\ciolbnrrmj
- <Текущая директория>\syisifvwcy
- %TEMP%\wqeflhioni.dat
- <Текущая директория>\syisifvwcy
- %ALLUSERSPROFILE%\drm\%sessionname%\khlig.cc3
- из %TEMP%\wqeflhioni.dat в %ALLUSERSPROFILE%\drm\%sessionname%\khlig.cc3
- DNS ASK (имя запрашиваемого домена в тексте отсутствует)
- 'C:\ciolbnrrmj' q -s<Полный путь к файлу>
- '<SYSTEM32>\svchost.exe' -k regsvc