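Техническая информация
Ниже перечислены записи реестра (ключи и значения) и пути к файлам; <HKLM>, <HKCU> и <SYSTEM32> — условные обозначения разделов реестра и системного каталога Windows.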
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\debugg] 'Startup' = 'MemManager'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\debugg] 'DllName' = 'debugg.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\boot32] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\boot32] 'ImagePath' = '<SYSTEM32>\boot32.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\sdmapi] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\sdmapi] 'ImagePath' = '<SYSTEM32>\sdmapi.sys'
- '<SYSTEM32>\w32_ss.exe' !!
- [<HKCU>\Identities\{5518F2FB-DB74-45A3-BEC1-4575D8D9DC84}\Software\Microsoft\Internet Account Manager]
- [<HKCU>\Identities\{5518F2FB-DB74-45A3-BEC1-4575D8D9DC84}\SOFTWARE\Microsoft\Internet Account Manager\Accounts]
- [<HKCU>\SOFTWARE\Microsoft\Internet Account Manager\Accounts]
- <SYSTEM32>\c4.sys
- <SYSTEM32>\boot32.sys
- <SYSTEM32>\config\SSL
- <SYSTEM32>\p2.ini
- <SYSTEM32>\c3.sys
- <SYSTEM32>\debugg.dll
- <SYSTEM32>\w32_ss.exe
- <SYSTEM32>\sdmapi.sys
- <SYSTEM32>\c3.dll