Техническая информация
Записи автозапуска в реестре (обе указывают на 'microsoft.exe', то есть файл запускается при старте системы):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'Microsoft Security Monitor Process' = 'microsoft.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Security Monitor Process' = 'microsoft.exe'
- %WINDIR%\microsoft.exe 284 "<SYSTEM32>\picture.exe"
- <SYSTEM32>\picture.exe
- %WINDIR%\microsoft.exe
- <SYSTEM32>\picture.exe
- %WINDIR%\microsoft.exe
- <SYSTEM32>\picture.exe
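Сетевые индикаторы (символы '#', по-видимому, заменяют знаки, скрытые в исходном описании; порт 6667 обычно используется протоколом IRC):
- '25#.#55.255.255':6667
- 'ir##.##dofinternet.net':6667
- DNS ASK ir##.##dofinternet.net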
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''