Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'Microsoft Licensing Service' = '%CommonProgramFiles%\systray32.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{0cb69fff-0b12-11e1-b22f-806d6172696f}] 'StubPath' = '%ALLUSERSPROFILE%\Application Data\slsvc32.exe -r'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Licensing Service' = '%ALLUSERSPROFILE%\Application Data\slsvc32.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'Intel Platform Technology Client' = '%CommonProgramFiles%\systray32.exe'
- скрытых файлов
- Средство контроля пользовательских учетных записей (UAC)
- '%CommonProgramFiles%\systray32.exe'
- '%ALLUSERSPROFILE%\Application Data\slsvc32.exe'
- %CommonProgramFiles%\systray32.exe
- %TEMP%\dw.log
- %TEMP%\2B442.dmp
- <SYSTEM32>\systemant.exe
- <SYSTEM32>\Microsoft\Protect\S-1-5-18\5dfdf0e6-79f7-4b89-8c03-3880f7750aec
- <SYSTEM32>\Microsoft\Protect\S-1-5-18\Preferred
- %ALLUSERSPROFILE%\Application Data\slsvc32.exe
- %CommonProgramFiles%\systray32.exe
- %ALLUSERSPROFILE%\Application Data\slsvc32.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''