Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '%WINDIR%\svchost.exe'
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
- ClassName: 'RegMonClass' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''
- %WINDIR%\temvir - CRNJEUFU.txt
- %WINDIR%\csrss.exe
- %WINDIR%\svchost.exe
- 'mo####n.comxa.com':21
- DNS ASK mo####n.comxa.com
- '<IP-адрес в локальной сети>':1036
- ClassName: 'edit' WindowName: ''
- ClassName: '' WindowName: 'TeamViewer - Registro de sucesos de la transferencia de archivos'
- ClassName: '' WindowName: 'Sesion esponsorizada'
- ClassName: 'ThunderRT6FormDC' WindowName: 'Shareware Cheater v 3.0'
- ClassName: 'ThunderRT6FormDC' WindowName: ''
- ClassName: '' WindowName: 'TeamViewer'