Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'process32' = 'C:\Commonfiles\process32.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'process' = 'C:\Commonfiles\process.exe'
- C:\Commonfiles\process32.exe
- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v process32 /d "C:\Commonfiles\process32.exe" /f
- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v process /d "C:\Commonfiles\process.exe" /f
- C:\Commonfiles\process32.exe
- C:\Commonfiles\process.exe
- ClassName: 'IMWindowClass' WindowName: ''