Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'lsass32' = '%WINDIR%\lsass32.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'userun32' = '%WINDIR%\userun32.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'internat' = '%WINDIR%\internat.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'internat' = '%WINDIR%\internat.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'internat' = '%WINDIR%\internat.exe'
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\msoffice.exe (папка автозагрузки, общая для всех пользователей)
- [<HKLM>\SYSTEM\ControlSet001\Services\internat] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\internat] 'ImagePath' = '%WINDIR%\internat.exe'
- %WINDIR%\lsass32.exe
- %WINDIR%\userun32.exe
- %WINDIR%\internat.exe
- %WINDIR%\mod\leger.sys
- ClassName: 'Button' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''