Техническая информация
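- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = 'userinit.exe,"<SYSTEM32>\clientmon.exe"' (параметр Userinit обрабатывается при каждом входе пользователя в систему, поэтому дописанный в него clientmon.exe запускается вместе с userinit.exe; при проверке системы в этом значении не должно быть посторонних программ)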
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'start' = '%HOMEPATH%\Start Menu\Programs\start.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'start' = '%HOMEPATH%\Start Menu\Programs\start.exe'
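- '<SYSTEM32>\schtasks.exe' /create /sc onlogon /tn "Computer Helper" /rl highest /tr "'\578208\helper.exe' /startup" /f (создаётся задача планировщика «Computer Helper», которая запускает helper.exe при входе в систему с наивысшими правами; ключ /f перезаписывает уже существующую задачу с таким именем без запроса)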
- '%HOMEPATH%\Start Menu\Programs\start.exe'
- C:\578208\helper.exe
- <SYSTEM32>\clientmon.exe
- %HOMEPATH%\Start Menu\Programs\start.exe
- C:\ea0df09afd740ed9245ca296655d564dc027e9a7
- C:\ea0df09afd740ed9245ca296655d564dc027e9a7
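- 'co####ller.wha.la':9092 (символы #### в имени узла, по-видимому, замаскированы в источнике; в таком виде строка не является точным доменным именем и не годится для прямого сопоставления в списках блокировки)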
- DNS ASK co####ller.wha.la
- ClassName: 'Indicator' WindowName: ''