Техническая информация
Значения в ключе автозапуска реестра Run (имя значения = путь к файлу):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Host-process Windows (Rundll32.exe)' = '%APPDATA%\csrss.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Service Host Process for Windows' = '%APPDATA%\svchost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Client Server Runtime Process' = '%APPDATA%\csrss.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Host-process Windows (Rundll32.exe)' = '<SYSTEM32>\rundll32.exe'
- <SYSTEM32>\rundll32.exe
- <SYSTEM32>\dllcache\rundll32.exe заменяется файлом <SYSTEM32>\dllcache\rundll32.exe.new
- <SYSTEM32>\rundll32.exe заменяется файлом <SYSTEM32>\rundll32.exe.new
- <SYSTEM32>\dllcache\rundll32.exe.new
- <SYSTEM32>\rundll32.exe.new
- <SYSTEM32>\rundll32.exe
- '%APPDATA%\svchost.exe'
- '%APPDATA%\csrss.exe'
- '<SYSTEM32>\rundll32.exe'
- %APPDATA%\svchost.exe
- %APPDATA%\csrss.exe
- %APPDATA%\svchost.exe
- %APPDATA%\csrss.exe
- <SYSTEM32>\rundll32.exe.tmp
- из <SYSTEM32>\dllcache\rundll32.exe.new в <SYSTEM32>\dllcache\rundll32.exe
- из <SYSTEM32>\rundll32.exe в <SYSTEM32>\rundll32.exe.tmp
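Сетевые адреса в формате 'IP':порт (символы «#», по-видимому, скрывают часть цифр адреса, поэтому записи не являются полными адресами):
- '19#.#03.48.37':9631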
- '62.##2.75.40':9631
- '82.##2.91.15':9631
- '91.##6.212.32':9026
- '91.##6.212.32':9631
- ClassName: 'Indicator' WindowName: '(null)'