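Техническая информация
Ниже без подписей групп перечислены значения реестра в точках автозапуска (Winlogon\Notify и RunOnce) и пути к файлам. Раздел Winlogon\Notify обрабатывается только в Windows XP/Server 2003 и более ранних версиях, а префикс «*» в имени значения RunOnce означает, что команда выполняется и в безопасном режиме.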
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinNTsec] 'Logon' = 'ntevent'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinNTsec] 'Startup' = 'ntevent'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '*NatSec' = 'rundll32 "%ALLUSERSPROFILE%\Documents\NatSec\NatSec.dll",triggerWarheaD'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinNTsec] 'DllName' = ''
- %WINDIR%\Explorer.EXE
- C:\RECYCLER\LocalService\saver.cmd
- C:\RECYCLER\LocalService\saver.cmd