Техническая информация
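Записи реестра в разделах автозапуска:
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'System' = '<SYSTEM32>\microsoft.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{TEST_9381D8F2-0288-11D0-9501-00AA00B911A5}] 'StubPath' = '<SYSTEM32>\run.com'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'microsoft' = '%WINDIR%\winlogon.exe'
  Примечание: штатный winlogon.exe Windows находится в <SYSTEM32>, а не в %WINDIR%; файл с таким именем в %WINDIR% — признак маскировки под системный процесс.
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'Explorer.exe winsock.exe'
  Примечание: значение по умолчанию — 'Explorer.exe'; любое дополнение к нему (здесь winsock.exe) следует считать отклонением и проверять.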
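Пути к файлам (в этом фрагменте не указано, создаётся ли файл, запускается или используется иначе):
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\internet
- %WINDIR%\winsock.exe
- %WINDIR%\winlogon.exe
  Примечание: %WINDIR%\Explorer.EXE — штатное расположение проводника Windows, поэтому сам по себе этот путь индикатором не является. Имена winsock.exe и winlogon.exe встречаются и в значениях реестра выше.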
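Сетевая активность (символы «###» в имени узла, по-видимому, скрывают часть домена в самом описании):
- 'fl###mode.8s.nl':100
- DNS ASK fl###mode.8s.nl
  Судя по формату, первая строка — узел и порт 100, вторая — DNS-запрос того же имени.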
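Упоминаемое окно (Shell_TrayWnd — класс окна панели задач Windows; цель обращения к нему в этом фрагменте не указана):
- ClassName: 'shell_traywnd' WindowName: '(null)'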