Техническая информация
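- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'sysmon' = 'svcmon.exe' (запись автозапуска: svcmon.exe стартует при входе в систему любого пользователя; имя параметра «sysmon» совпадает с названием утилиты Sysinternals Sysmon, которая устанавливается как служба, а не через ключ Run)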
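- [<HKLM>\SOFTWARE\Classes\txtfile\shell\open\command] '' = '' (команда, выполняемая при открытии файлов .txt; значение в исходном тексте пустое — возможно, утеряно при извлечении, поэтому при проверке системы стоит сравнить этот параметр со стандартным)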
- System
- <SYSTEM32>\userpolicy.dat
- <SYSTEM32>\files.dat
- <SYSTEM32>\filepolicy.dat
- <SYSTEM32>\userpolicy.dat
- <SYSTEM32>\files.dat
- <SYSTEM32>\filepolicy.dat