Техническая информация
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\] 'Shielden' = '"%WINDIR%\Shielden.exe"'
- ClassName: 'Regmonclass', WindowName: ''
- ClassName: 'Filemonclass', WindowName: ''
- %WINDIR%\shielden.exe
- '10#.#7.185.70':13579
- ClassName: '18467-41' WindowName: ''
- ClassName: '4823-00000029' WindowName: ''
- '%WINDIR%\shielden.exe'
- '%WINDIR%\shielden.exe' ' (со скрытым окном)