Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'hostprocess' = '<DRIVERS>\svchost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'hostprocess' = '<SYSTEM32>\com\svchost.exe'
- <DRIVERS>\svchost.exe
- <SYSTEM32>\Com\svchost.exe
- <DRIVERS>\svchost.exe
- ClassName: 'ThunderRT6FormDC' WindowName: 'hostprocess_1'
- ClassName: 'ThunderRT6FormDC' WindowName: 'sysctrlsform'
- ClassName: 'MU' WindowName: 'MU'
- ClassName: 'ThunderRT6FormDC' WindowName: 'sysunldrform'
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'ThunderRT6FormDC' WindowName: 'hostprocess_0'