Техническая информация
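Записи реестра, обеспечивающие автозапуск (в значение UserInit после штатного userinit.exe дописан %WINDIR%\GNUgpg.exe, поэтому файл запускается при каждом входе в систему; параметр 'AppGuard' в ключе Run запускает его при входе текущего пользователя; при восстановлении системы значение UserInit нужно вернуть к штатному, а не удалять параметр):
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'UserInit' = '<SYSTEM32>\userinit.exe,%WINDIR%\GNUgpg.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'AppGuard' = '%WINDIR%\GNUgpg.exe'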
- %WINDIR%\GNUgpg.exe
- <SYSTEM32>\dumprep.exe 2868 -dm 7 7 "%TEMP%\WER7c1e.dir00\explorer.exe.mdmp" 16325836412027124
- <SYSTEM32>\dumprep.exe 2868 -dm 7 7 "%TEMP%\WER7c1e.dir00\explorer.exe.hdmp" 16325836412027144
- <SYSTEM32>\notepad.exe
- %WINDIR%\explorer.exe
- %TEMP%\24F4F.dmp
- %TEMP%\WER7c1e.dir00\explorer.exe.mdmp
- %TEMP%\WER7c1e.dir00\explorer.exe.hdmp
- %WINDIR%\GNUgpg.exe
- %TEMP%\CARD MANAGER.EXE
- %TEMP%\dw.log
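Сетевая активность (соединение с узлом на порту 1604 и DNS-запрос его имени; часть имени узла в исходном описании скрыта символами «#»):
- 'ni#####619.dyndns.org':1604
- DNS ASK ni#####619.dyndns.org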
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''