Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winspooll' = '"<SYSTEM32>\winspooll.exe" \winspooll'
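- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe <SYSTEM32>\winspooll.exe' (штатное значение параметра Shell — 'explorer.exe'; любой дополнительный путь в нём запускается при каждом входе пользователя, поэтому этот параметр нужно проверять отдельно от записей Run)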
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winspooll' = '"<SYSTEM32>\winspooll.exe" \winspooll'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run] 'winspooll' = '"<SYSTEM32>\winspooll.exe" \winspooll'
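- <SYSTEM32>\service.exe (пути в этом списке повторяются; вероятно, повторы относятся к разным операциям с файлами, но заголовки подразделов на странице не сохранились)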
- <SYSTEM32>\rundlll32.exe (имя с тремя «l»; отличается от штатного rundll32.exe одной буквой)
- <SYSTEM32>\obt.bmp
- <SYSTEM32>\obt.jpg
- <SYSTEM32>\service.exe
- <SYSTEM32>\winspooll.exe
- <SYSTEM32>\rundlll32.exe
- <SYSTEM32>\service.exe
- <SYSTEM32>\rundlll32.exe
- <SYSTEM32>\winspooll.exe
- 'po####.interia.pl':25 (порт 25 — стандартный порт SMTP; имя узла приведено в источнике с маской «####»)
- DNS ASK po####.interia.pl
- '<IP-адрес в локальной сети>':1036
- ClassName: 'Indicator' WindowName: ''