Техническая информация
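Изменения в реестре: значения 'system' и 'TaskMan' в разделе Winlogon — известные точки автозапуска, а запись в AuthorizedApplications\List добавляет файл в список исключений брандмауэра Windows (область «*» — любые адреса, состояние enabled).
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'system' = 'kernel32.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'TaskMan' = 'TskMan.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\system' = '<SYSTEM32>\system:*:enabled:@xpsp2res.dll,-22019'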
- <SYSTEM32>\System
- %ALLUSERSPROFILE%\Documents\Microsoft\Temp\lDesktop.txt
- %ALLUSERSPROFILE%\Documents\Microsoft\Temp\lRecent.txt
- %ALLUSERSPROFILE%\Documents\Microsoft\Temp\lInstalledApp.txt
- %ALLUSERSPROFILE%\Documents\Microsoft\Temp\Info.zip
- %ALLUSERSPROFILE%\Documents\Microsoft\Temp\lMRU.txt
- <SYSTEM32>\host.pkg
- <SYSTEM32>\zlib.dll
- <SYSTEM32>\kernel32.exe
- %ALLUSERSPROFILE%\Documents\Microsoft\Temp\lCookies.zip
- <SYSTEM32>\Tskman.exe
- %ALLUSERSPROFILE%\Documents\Microsoft\Temp\lMRU.txt
- %ALLUSERSPROFILE%\Documents\Microsoft\Temp\lRecent.txt
- %ALLUSERSPROFILE%\Documents\Microsoft\Temp\lInstalledApp.txt
- %ALLUSERSPROFILE%\Documents\Microsoft\Temp\lCookies.zip
- %ALLUSERSPROFILE%\Documents\Microsoft\Temp\lDesktop.txt
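Сетевая активность: соединение с узлом на порту 465 (обычно SMTP поверх TLS) и DNS-запрос того же имени. Символы «#» в имени узла, по-видимому, маскируют часть домена, поэтому строку нельзя использовать как точный индикатор.
- 'sm##.#yopera.com':465
- DNS ASK sm##.#yopera.com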
- ClassName: 'Shell_TrayWnd' WindowName: ''