Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004] 'LibraryPath' = '<SYSTEM32>\timetime.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] '192400257' = '"<SYSTEM32>\tasktask.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003] 'LibraryPath' = '%SystemRoot%\System32\mswsock.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001] 'LibraryPath' = '%SystemRoot%\System32\mswsock.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002] 'LibraryPath' = '%SystemRoot%\System32\winrnr.dll'
- Компонент восстановления системы (SR)
- <SYSTEM32>\tasktask.exe
- %TEMP%\3aa88dfc.bat
- <SYSTEM32>\tasktask.exe
- <SYSTEM32>\timetime.dll
- <SYSTEM32>\Restore\MachineGuid.txt