Техническая информация
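- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '' = '<DRIVERS>\lsass.exe WTM' (запись автозапуска при входе в систему; имя файла совпадает с системным процессом lsass.exe, однако штатный lsass.exe расположен в <SYSTEM32>, а не в <DRIVERS>)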
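- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<DRIVERS>\lsass.exe' = '<DRIVERS>\lsass.exe:*:Enabled:Live Messenger 8 (Caller)' (запись в списке разрешённых приложений брандмауэра Windows: область «*» — любые адреса, отображаемое имя — «Live Messenger 8 (Caller)»)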
- <DRIVERS>\lsass.exe STR
- <DRIVERS>\lsass.exe WTM
- <SYSTEM32>\makecab.exe %WINDIR%\Security.txt %WINDIR%\Messenger\messcab52219 PM222012.cab (штатная утилита makecab упаковывает файл %WINDIR%\Security.txt в CAB-архив)
- <DRIVERS>\lsass.exe
- %WINDIR%\Security.txt
- <DRIVERS>\lsass.exe
- %WINDIR%\Security.txt
- 'cr####y.no-ip.org':889
- DNS ASK cr####y.no-ip.org (DNS-запрос; no-ip.org — домен сервиса динамического DNS)
- '<IP-адрес в локальной сети>':1036