Техническая информация
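- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'SHELL' = 'Explorer.exe, %CommonProgramFiles%\wl.exe' (закрепление в системе: к штатному значению Shell, которое содержит только Explorer.exe, дописан второй исполняемый файл, запускаемый при входе пользователя)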
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\549b9b645cadfe6bb4bc69cf363c354c_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\c0528c2346cb928a9052304ef3ab8fd4_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %CommonProgramFiles%\wl.exe
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\d31ccc7f-dc6e-4d10-a735-cbe889b6d22c
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\Preferred
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\549b9b645cadfe6bb4bc69cf363c354c_23ef5514-3059-436f-a4a7-4cefaab20eb1
- '93.##8.134.11':25
- DNS ASK sm##.yandex.ru
- ClassName: '' WindowName: 'Registry Editor'
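- ClassName: '' WindowName: '???????? ???????' (символы не из ASCII утрачены при записи; по длине слов и соседству с 'Registry Editor' это, вероятно, «Редактор реестра» — требует подтверждения)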
- ClassName: 'Shell_TrayWnd' WindowName: ''
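- ClassName: '' WindowName: '????????? ????? Windows' (символы не из ASCII утрачены при записи; по длине слов и соседству с 'Windows Task Manager' это, вероятно, «Диспетчер задач Windows» — требует подтверждения)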
- ClassName: '' WindowName: 'Windows Task Manager'
- ClassName: '' WindowName: 'Program Manager'