Technical information
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{97aa10c1-1d7d-11e4-b9d5-806e6f6e6963}] 'StubPath' = 'C:\ProgramData\csrss.exe -r'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Audio Driver' = '%CommonProgramFiles%\lsass.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Audio Driver' = 'C:\ProgramData\csrss.exe'
- hidden files
- User Account Control (UAC)
- '%CommonProgramFiles%\lsass.exe'
- 'C:\ProgramData\csrss.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram program="C:\ProgramData\csrss.exe" name="Audio Driver" mode=ENABLE scope=ALL profile=ALL
- %CommonProgramFiles%\lsass.exe
- C:\ProgramData\csrss.exe
- %CommonProgramFiles%\lsass.exe
- C:\ProgramData\csrss.exe
- 'tu######-tungus.myjino.ru':80
- tu######-tungus.myjino.ru/up/up/gate.php
- DNS ASK tu######-tungus.myjino.ru
- ClassName: 'Shell_TrayWnd' WindowName: ''