Техническая информация
- [\REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] 'Win32SystemFile' = 'C:\MSystem.com'
- [\REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] 'X-PowerPCHealth' = '<SYSTEM32>\PCHealth.com'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Application Installer' = '%WINDIR%\Installer\Installer.com'
- [\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] 'X-PowerPCHealth' = '<SYSTEM32>\PCHealth.com'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Win32SystemFile' = 'C:\MSystem.com'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'X-PowerPCHealth' = '<SYSTEM32>\PCHealth.com'
- [\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] 'Win32SystemFile' = 'C:\MSystem.com'
- [\REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '1'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 'NoRun' = '1'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '1'
- [\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '1'
- %WINDIR%\Installer\Installer.com
- <SYSTEM32>\PCHealth.com
- C:\MSystem.com
- %WINDIR%\Installer\Installer.com
- <SYSTEM32>\PCHealth.com
- C:\MSystem.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''