Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,<SYSTEM32>\Isas.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SkyNet' = '%WINDIR%\SkyNet.exe'
- User Account Control (UAC)
- '<SYSTEM32>\net1.exe' Stop SharedAccess
- '<SYSTEM32>\net.exe' Stop SharedAccess
- <SYSTEM32>\Isas.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\system32.123laptop.net_ver=2[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\system32.123laptop.net_ver=2[1]
- <SYSTEM32>\MS Silverlight.exe
- %TEMP%\aut1.tmp
- %TEMP%\tbhanav
- %WINDIR%\SkyNet.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\system32.123laptop.net_ver=2[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\system32.123laptop.net_ver=2[1]
- %TEMP%\aut1.tmp
- %TEMP%\tbhanav
- 'sy######.#######op.net?ver=2.0&name=crnjeufu&user=urnxymav':80
- sy######.#######op.net?ver=2.0&name=crnjeufu&user=urnxymav/
- DNS ASK sy######.#######op.net?ver=2.0&name=crnjeufu&user=urnxymav