Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Service Host Process for Windows' = '%APPDATA%\Roaming\svchost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Host-process Windows (Rundll32.exe)' = '%APPDATA%\Roaming\rundll32.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Client Server Runtime Process' = '%APPDATA%\Roaming\csrss.exe'
- '%APPDATA%\Roaming\svchost.exe'
- '%APPDATA%\Roaming\rundll32.exe'
- '%APPDATA%\Roaming\csrss.exe'
- %APPDATA%\Roaming\svchost.exe
- %APPDATA%\Roaming\rundll32.exe
- %APPDATA%\Roaming\csrss.exe
- %APPDATA%\Roaming\svchost.exe
- %APPDATA%\Roaming\rundll32.exe
- %APPDATA%\Roaming\csrss.exe
- '91.##6.212.32':9027
- '67.##5.160.76':25
- 'sm##.gmail.com':25
- DNS ASK pl##.###p.mail.yahoo.com
- DNS ASK dn#.##ftncsi.com
- DNS ASK sm##.gmail.com
- ClassName: 'Indicator' WindowName: '(null)'