Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Firewall' = '%WINDIR%\Firewall.exe\notepadd.exe\mspaintt.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Data Storage' = '<SYSTEM32>\SystemDataHold.exe'
- <SYSTEM32>\SystemDataHold.exe