Техническая информация
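- Автозапуск — изменяет параметр Shell в ветке Winlogon, в результате чего указанный файл запускается вместе с Explorer.exe при входе пользователя в систему: [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%CommonProgramFiles%\System\sys32dot.exe"'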
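- Исключение в брандмауэре Windows — добавляет файл в список разрешённых приложений стандартного профиля (штатный lsass.exe находится в %SystemRoot%\System32, поэтому одноимённый файл в %CommonProgramFiles% следует считать подозрительным): [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%CommonProgramFiles%\LSASS.EXE' = '%CommonProgramFiles%\LSASS.EXE:*:Enabled:WindowsNTServices'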
- %CommonProgramFiles%\System\sys32dot.exe
- %CommonProgramFiles%\LSASS.EXE
- %CommonProgramFiles%\System\sys32dot.exe
- %TEMP%\~DFD3C8.tmp
- %CommonProgramFiles%\LSASS.EXE