Техническая информация
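Изменения в реестре — параметр 'debugger' в разделе Image File Execution Options. Если он задан, при запуске указанного исполняемого файла Windows вместо самой программы запускает значение параметра (здесь rundll32.exe). Наличие такого параметра у системных утилит стоит проверять при анализе системы. Имена файлов приведены так, как они указаны в исходных данных (в том числе 'winlogen.exe').
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe] 'debugger' = 'rundll32.exe'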
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe] 'debugger' = 'rundll32.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe] 'debugger' = 'rundll32.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smss.exe] 'debugger' = 'rundll32.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsass.exe] 'debugger' = 'rundll32.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe] 'debugger' = 'rundll32.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe] 'debugger' = 'rundll32.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe] 'debugger' = 'rundll32.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogen.exe] 'debugger' = 'rundll32.exe'
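Командные строки запускаемых процессов (regedit.exe с ключом /S импортирует .reg-файл без запроса подтверждения):
- '%WINDIR%\regedit.exe' /S "%HOMEPATH%\Local Settings\Temp.\DefOpen.reg"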
- '<SYSTEM32>\cmd.exe' /c %TEMP%\122375.bat
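Файлы во временном каталоге, связанные с образцом. Подписи разделов в тексте не сохранились; список приведён дважды — вероятно, сначала как создаваемые, затем как удаляемые файлы:
- %TEMP%\DefOpen.reg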
- %TEMP%\122375.bat
- %TEMP%\122375.bat
- %TEMP%\DefOpen.reg
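Окно, к которому обращается образец (подпись раздела не сохранилась; 'RegEdit_RegEdit' — класс главного окна редактора реестра Windows):
- ClassName: 'RegEdit_RegEdit' WindowName: ''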