Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Local Security Authentication Server' = '%APPDATA%\lsass.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\lsass.exe' = '%APPDATA%\lsass.exe:*:Enabled:Local Security Authentication Server'
- '%APPDATA%\lsass.exe'
- C:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
- %APPDATA%\lsass.exe
- '74.##5.232.51':80
- DNS ASK www.google.com
- '91.##1.117.127':2233
- ClassName: 'Indicator' WindowName: '(null)'