Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\hlpevmonsys] 'ImagePath' = '<SYSTEM32>\msesmh.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\hlpevmonsys] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\winmgmt] 'Start' = '00000002'
- '<SYSTEM32>\msferedi.exe'
- '<SYSTEM32>\mswuposi.exe'
- '<SYSTEM32>\msesmh.exe' /install /silent "Monitor System Help Event"
- '<SYSTEM32>\msesmh.exe'
- Handler library for all processes: <SYSTEM32>\msifaq.dll
- [<HKCU>\Software\Microsoft\Internet Explorer\IntelliForms\Storage2]
- <SYSTEM32>\msferedi.exe
- <SYSTEM32>\msifaq.dll
- <SYSTEM32>\mswuposi.exe
- %WINDIR%\Fonts\mshiwa.ttc
- <SYSTEM32>\msesmh.exe
- <SYSTEM32>\msvurucu.dll
- <SYSTEM32>\msxafuse.dll
- <SYSTEM32>\msjari.dll
- <SYSTEM32>\mslefig.dll
- <SYSTEM32>\msxupe.dll
- 'sm##.gmail.com':465
- DNS ASK sm##.gmail.com
- ClassName: 'TCommunicatorForm' WindowName: ''
- ClassName: 'tSkMainForm' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''