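Техническая информация
Записи реестра ниже задают параметр 'Debugger' в ветке Image File Execution Options: при запуске указанной программы (notepad.exe, regedit.exe, utilman.exe, explorer.exe, taskmgr.exe) система вместо неё запускает файл, указанный в значении параметра. Значения, оканчивающиеся на «...», обрезаны в самом отчёте; при проверке системы полный путь следует брать непосредственно из реестра.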
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe] 'Debugger' = 'C:\ProgramData\Microsoft\Windows\Templates\lr4aw4309slk49slk4j9sl456y.ex...
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe] 'Debugger' = '<SYSTEM32>\lr4aw4309slk49slk4j9sl456y.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe] 'Debugger' = '<SYSTEM32>\lr4aw4309slk49slk4j9sl456y.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe] 'Debugger' = 'C:\ProgramData\Microsoft\Windows\Templates\igfxtrey.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe] 'Debugger' = 'C:\ProgramData\Microsoft\Windows\Templates\lr4aw4309slk49slk4j9sl456y.ex...
- '<SYSTEM32>\taskkill.exe' /F /IM explorer.exe
- %WINDIR%\Explorer.EXE
- %APPDATA%\Microsoft\Speech\Files\UserLexicons\SP_F167B1B9B22D4868855F53067DFF138E.dat
- ClassName: 'CicLoaderWndClass' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''