Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{E6630F5F-B6DB-4246-B921-8C1A5FB792C4}] 'StubPath' = '%APPDATA%\Microsoft Backups\svchost.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\Microsoft Backups\winlogin.exe' = '%APPDATA%\Microsoft Backups\winlogin.exe:*:Enabled:svchost'
- %APPDATA%\Microsoft Backups\svchost.exe [load]
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
- ClassName: 'RegMonClass' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''
- %APPDATA%\crc
- %APPDATA%\Microsoft Backups\svchost.exe
- %TEMP%\26D488F2.TMP