Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_Dlls' = '<SYSTEM32>\cards32.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\88e6680f372] 'Startup' = 'EventStartup'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\88e6680f372] 'DllName' = '<SYSTEM32>\cards32.dll'
- <SYSTEM32>\ctfmon.exe
- <SYSTEM32>\spoolsv.exe
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\cscript.exe
- <SYSTEM32>\wbem\wmiprvse.exe
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\smss.exe
- <SYSTEM32>\winlogon.exe
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\lsass.exe
- <SYSTEM32>\services.exe
- <SYSTEM32>\csrss.exe
- %APPDATA%\0200000028b70f66O.manifest
- %APPDATA%\0200000028b70f66S.manifest
- %APPDATA%\0200000028b70f66C.manifest
- <SYSTEM32>\cards32.dll
- %APPDATA%\0200000028b70f66P.manifest
- 'sa#####tasiteverwas.com':80
- sa#####tasiteverwas.com/conn/
- DNS ASK sa#####tasiteverwas.com