Техническая информация
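- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'SHELL' = 'Explorer.exe, %CommonProgramFiles%\wl.exe' (штатное значение параметра — 'Explorer.exe'; дописанный через запятую wl.exe запускается при каждом входе пользователя в систему)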
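- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\5a8ff7a6ad7e38ec83dcaa35f9967198_23ef5514-3059-436f-a4a7-4cefaab20eb1 (SID и идентификаторы в этом и следующих путях Crypto\RSA и Protect, по-видимому, относятся к учётной записи на машине, где проводился анализ; на других системах они будут иными)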
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\c0528c2346cb928a9052304ef3ab8fd4_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %CommonProgramFiles%\wl.exe
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\c96b5197-6ed0-4cd1-8f4f-9f9b4bfae57a
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\Preferred
- '93.##8.134.11':25
- DNS ASK sm##.yandex.ru
- ClassName: '' WindowName: 'Registry Editor'
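- ClassName: '' WindowName: 'Редактор реестра' (в источнике кириллица заменена на «?»: '???????? ???????'; название восстановлено по длине слов и английскому аналогу 'Registry Editor' — требует проверки)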
- ClassName: 'Shell_TrayWnd' WindowName: ''
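- ClassName: '' WindowName: 'Диспетчер задач Windows' (в источнике кириллица заменена на «?»: '????????? ????? Windows'; название восстановлено по длине слов и английскому аналогу 'Windows Task Manager' — требует проверки)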
- ClassName: '' WindowName: 'Windows Task Manager'
- ClassName: '' WindowName: 'Program Manager'