Техническая информация
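Параметры реестра, относящиеся к автозапуску (Active Setup и ключи Run). Все они указывают на файл winlogon.exe в %APPDATA%; штатный winlogon.exe Windows расположен в %SystemRoot%\System32, поэтому одноимённый файл в профиле пользователя — признак маскировки под системный процесс.
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{CCE47C9C-BE9F-1BE5-64CA-9F9DBB9EBC9F}] 'StubPath' = '%APPDATA%\winlogon.exe'
- [<HKCU>\Software\Microsoft\Active Setup\Installed Components\{CCE47C9C-BE9F-1BE5-64CA-9F9DBB9EBC9F}] 'StubPath' = '%APPDATA%\winlogon.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Winlogon' = '%APPDATA%\winlogon.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Winlogon' = '%APPDATA%\winlogon.exe'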
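Параметры брандмауэра Windows: записи списка разрешённых приложений для двух исполняемых файлов и значение 'DoNotAllowExceptions' = 0, при котором исключения остаются включёнными. Написание «Messanger» сохранено как в исходных данных, при поиске его не следует исправлять. На работающей системе активный набор параметров доступен как CurrentControlSet; номер текущего набора указан в HKLM\SYSTEM\Select.
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\winlogon.exe' = '%APPDATA%\winlogon.exe:*:Enabled:Windows Messanger'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Текущая директория>\server.exe' = '<Текущая директория>\server.exe:*:Enabled:Windows Messanger'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'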
- %APPDATA%\data.dat
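Сетевые индикаторы: узел с портом и DNS-запрос того же имени. Символы #, по-видимому, заменяют скрытую часть имени узла, поэтому для точного сопоставления этой записи недостаточно.
- 'ye####oip.no-ip.org':83
- DNS ASK ye####oip.no-ip.org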
- ClassName: 'Indicator' WindowName: ''