Техническая информация
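- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Luz7' = '%WINDIR%\system\smss.exe'
  (Закрепление в системе через ключ автозапуска Run. Штатный smss.exe Windows расположен в <SYSTEM32>, поэтому одноимённый файл в %WINDIR%\system — признак маскировки под системный процесс; при проверке сверяйте полный путь к файлу, а не только его имя.)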
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Luz7 /d "%WINDIR%\system\smss.exe" /f
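- '<SYSTEM32>\taskkill.exe' /f /im lsass.exe
- '<SYSTEM32>\taskkill.exe' -f /im lsass.exe
  (Обе команды принудительно завершают lsass.exe — критический системный процесс; его завершение обычно приводит к аварийному завершению работы или перезагрузке Windows. Запуск taskkill.exe с целью lsass.exe нетипичен для штатной работы системы и пригоден как признак для обнаружения по журналам создания процессов.)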
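- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v WIN /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v S7 /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Ast7 /f
  (Из того же ключа Run удаляются значения автозапуска WIN, S7 и Ast7. Кому они принадлежат, в описании не указано; возможно, это записи других версий той же программы или посторонних программ — это предположение, требующее проверки.)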
- <SYSTEM32>\lsass.exe
- %WINDIR%\system\smss.exe
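- 'ma######31.thaieasydns.com':80
- ma######31.thaieasydns.com/configurador.ini
- DNS ASK ma####3331.mine.nu
- DNS ASK ma#####331.effers.com
- DNS ASK ma######31.thaieasydns.com
- DNS ASK ma######31.servehttp.com
  (Символы '#' в именах узлов — по-видимому, маска, поставленная автором описания: полные имена скрыты, поэтому эти строки нельзя использовать как точные индикаторы компрометации. Судя по записям, образец обращается к узлу по порту 80 и запрашивает файл configurador.ini, а также разрешает через DNS четыре имени с одинаковым шаблоном. Родительские домены похожи на домены служб динамического DNS, поэтому блокировка домена целиком может затронуть посторонних пользователей; надёжнее опираться на сочетание признаков: запрос пути /configurador.ini, значение 'Luz7' в ключе Run и файл %WINDIR%\system\smss.exe.)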
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'