Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'Microsoft-Startup Manager' = 'dllhost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft-Component Manager' = 'lsass.exe'
- hidden files
- User Account Control (UAC)
- %CommonProgramFiles%\Microsoft Components\dllhost.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft Components\lsass.exe
- <SYSTEM32>\attrib.exe -s -h %CommonProgramFiles%\Microsoft Components
- <SYSTEM32>\attrib.exe -s -h %ALLUSERSPROFILE%\Application Data\Microsoft Components
- %CommonProgramFiles%\Microsoft Components\dllhost.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft Components\lsass.exe
- %CommonProgramFiles%\Microsoft Components\dllhost.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft Components\lsass.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''