Техническая информация
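- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'InternalSystray' = '<SYSTEM32>\kernel32.exe' (параметр в ключе Run обеспечивает автозапуск при входе пользователя в систему; kernel32.exe не является штатным файлом Windows — системная библиотека называется kernel32.dll, поэтому наличие такого файла само по себе служит индикатором)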
- %WINDIR%\syswow64\kernel32.exe
- %WINDIR%\syswow64\kernel32.exe
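- ClassName: 'FileMonClass', WindowName: '' (класс окна утилиты Sysinternals Filemon)
- ClassName: 'RegMonClass', WindowName: '' (класс окна утилиты Sysinternals Regmon)
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: '' (класс окна утилиты Sysinternals Process Monitor; перечисление этих классов, по-видимому, означает поиск окон средств мониторинга с целью обнаружения анализа)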
- %ALLUSERSPROFILE%\temp\raidtest
- %TEMP%\vbc.exe
- %WINDIR%\syswow64\kernel32.exe
- %TEMP%\d965a3dc.tmp
- '%TEMP%\vbc.exe'
- '%WINDIR%\syswow64\kernel32.exe'