Техническая информация
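- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'Process Manager' = 'plwhost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Process Manager' = 'plwhost.exe'
  (оба ключа относятся к автозапуску: параметр 'Process Manager' обеспечивает автоматический запуск plwhost.exe; при проверке системы параметр следует искать в обоих ключах)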
- <SYSTEM32>\plwhost.exe 1304 "<Полный путь к вирусу>"
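- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
- ClassName: 'RegMonClass' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''
  (классы окон утилит Sysinternals: Process Monitor, RegMon и FileMon; судя по составу списка, это поиск запущенных средств анализа, но заголовок раздела в тексте не сохранился)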
- <SYSTEM32>\plwhost.exe
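- %ALLUSERSPROFILE%\Application Data\TEMP:A33D6D33
  (запись вида «имя:поток» обозначает альтернативный поток данных NTFS с именем A33D6D33; в Проводнике и в обычном выводе dir он не виден, для просмотра подходят dir /r или утилита streams из Sysinternals)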
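- <DRIVERS>\npf.sys
- <SYSTEM32>\wpcap.dll
- <SYSTEM32>\packet.dll
  (драйвер и библиотеки WinPcap, средства перехвата сетевых пакетов; если WinPcap на машине не устанавливали намеренно, появление этих файлов — повод для проверки)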
- <SYSTEM32>\plwhost.exe
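- 'ar#####.purplelots.com':1311
- DNS ASK ar#####.purplelots.com
  (сетевые индикаторы: DNS-запрос имени в домене purplelots.com и обращение к этому узлу на порт 1311; часть имени в источнике заменена символами #####, поэтому в журналах DNS и межсетевого экрана искать стоит по домену и порту)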
- ClassName: 'mIRC' WindowName: ''
  (класс окна IRC-клиента mIRC; цель обращения к этому окну в тексте не указана)