Техническая информация
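- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{Azd34211-D82W-15cf-64CD-31FFAFEECF20}] 'StubPath' = '<SYSTEM32>\winlogo.exe'
  (Это автозапуск через Active Setup: команда из параметра 'StubPath' выполняется при входе пользователя в систему. Идентификатор компонента содержит символы «z» и «W», которые не являются шестнадцатеричными цифрами, то есть это не корректный GUID. Имя winlogo.exe похоже на имя системного файла winlogon.exe.)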
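- [<HKLM>\SYSTEM\ControlSet001\Services\r0keylog] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\r0keylog] 'ImagePath' = '<Текущая директория>\drv.sys'
  (Эти два параметра описывают службу r0keylog. Значение 'Start' = 1 соответствует типу запуска SERVICE_SYSTEM_START, то есть драйвер загружается при инициализации системы. Параметр 'ImagePath' задаёт путь к файлу драйвера drv.sys.)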
- <SYSTEM32>\winlogo.exe
- <Текущая директория>\drv.sys