Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\reset5c] 'DllName' = 'reset5c.dll' (автозапуск: библиотеки, зарегистрированные в Winlogon\Notify, загружаются процессом winlogon.exe)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\lsass.exe' = '<SYSTEM32>\lsass.exe:*:Enabled:Local Security... (lsass.exe добавляется в список разрешённых приложений брандмауэра Windows)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000' (значение 0 разрешает исключения брандмауэра в стандартном профиле)
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\lsass.exe
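- [<HKCU>\Software\Far\Plugins\FTP\Hosts] (ветка, в которой FTP-плагин Far хранит сохранённые узлы; при разборе инцидента сохранённые там учётные данные FTP стоит считать скомпрометированными и сменить)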
- [<HKCU>_Classes\Software\Far\Plugins\FTP\Hosts]
- [\REGISTRY\USER\S-1-5-20_Classes\Software\Far\Plugins\FTP\Hosts]
- [\REGISTRY\USER\S-1-5-19_Classes\Software\Far\Plugins\FTP\Hosts]
- [\REGISTRY\USER\S-1-5-20\Software\Far\Plugins\FTP\Hosts]
- <SYSTEM32>\reset5c.dll
- 'www.by###ode.biz':80 (часть имени домена здесь и ниже скрыта символами ###)
- 'www.my###aff.net':80
- http://www.by###ode.biz/ws/stat.php
- http://www.my###aff.net/rpt/in.php
- DNS ASK www.by###ode.biz
- DNS ASK www.my###aff.net