Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Security Standard' = 'zSHSecStdProc.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SHSecAgent] 'Start' = '00000002'
- <SYSTEM32>\zSHSecUtilChangeAdmin.exe
- <SYSTEM32>\zSHSecAgent.exe /service
- <SYSTEM32>\zSHSetPPToCurrentUser.exe
- <SYSTEM32>\net1.exe start SHSecAgent
- <SYSTEM32>\zSHSetPPToCurrentUser.exe
- <SYSTEM32>\zSHSecAgent.exe
- <SYSTEM32>\zSHSecStdProc.log
- \Device\LanmanRedirector\USER-4BB09A9C02*\MAILSLOT\NET\NETLOGON
- <SYSTEM32>\zSHSecMsg.exe
- <SYSTEM32>\zSHSecStdProc.ini
- <SYSTEM32>\zSHSecStdProc.exe
- <SYSTEM32>\zSHSecUtilSAM.exe
- <SYSTEM32>\zSHSecUtilChangeAdmin.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''