Technical information
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{ec0084c6-db02-11e1-b0b7-806e6f6e6963}] 'StubPath' = 'C:\ProgramData\csrss.exe -r'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Audio Driver' = '%CommonProgramFiles%\lsass.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Audio Driver' = 'C:\ProgramData\csrss.exe'
- hidden files
- User Account Control (UAC)
- '%CommonProgramFiles%\lsass.exe'
- 'C:\ProgramData\csrss.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /hint /ETOnly 0 /OnProfiles 6 /OtherAllowed 3 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "C:\programdata\csrss.exe"
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram program="C:\ProgramData\csrss.exe" name="Audio Driver" mode=ENABLE scope=ALL profile=ALL
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\gate[1].htm
- %CommonProgramFiles%\lsass.exe
- C:\ProgramData\csrss.exe
- %CommonProgramFiles%\lsass.exe
- C:\ProgramData\csrss.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\gate[1].htm
- 'tu######-tungus.myjino.ru':80
- DNS ASK tu######-tungus.myjino.ru
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'