Техническая информация
Записи автозапуска в реестре (файл '%APPDATA%\system\Lsass' только носит имя системного процесса и расположен вне <SYSTEM32>):
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%APPDATA%\system\Lsass,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Lsass' = '%APPDATA%\system\Lsass'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Lsass' = '%APPDATA%\system\Lsass'
- блокирует отображение скрытых файлов
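Изменения в файловой системе (подзаголовки исходного отчёта, по-видимому, утрачены, поэтому одни и те же пути повторяются):
- %TEMP%\PowerISO 4.8.0.exe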
- %TEMP%\cssrss.exe
- %TEMP%\nsj4.tmp\System.dll
- %TEMP%\9d57d1ee-af99-4cec-b197-2630b877af42\CliSecureRT.dll
- %APPDATA%\system\Lsass
- %TEMP%\cssrss.exe
- %TEMP%\PowerISO 4.8.0.exe
- %TEMP%\nsd3.tmp
- %TEMP%\cssrss.exe
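Сетевая активность (символы '#' в имени узла, по-видимому, являются маскировкой, присутствующей в исходном отчёте):
- 's2#.#o-ip.info':15382
- DNS ASK s2#.#o-ip.info
- '<IP-адрес в локальной сети>':1037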
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: 'Windows Task Manager'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'SCDEMUAPP_C2C80BFA WNDCLASS' WindowName: ''
- ClassName: '#32770' WindowName: ''