Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,<DRIVERS>\winlogon.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winlogon' = '<DRIVERS>\winlogon.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winlogon' = '<DRIVERS>\winlogon.exe'
- <DRIVERS>\winlogon.exe <Full path to virus>
- <SYSTEM32>\netsh.exe firewall add allowedprogram "<DRIVERS>\winlogon.exe"winlogon Enabled
- <DRIVERS>\RCX1.tmp
- <DRIVERS>\winlogon.exe
- <DRIVERS>\winlogon.exe
- <DRIVERS>\winlogon.exe
- 'fl####.jessicadube.com':6667
- DNS ASK fl####.jessicadube.com
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: 'H1N1'