Technical Information
- ClassName: 'Autoruns', WindowName: ''
- ClassName: '', WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'PROCEXPL', WindowName: ''
- %ALLUSERSPROFILE%\Application Data\Ngen\WINWORD.EXE
- %ALLUSERSPROFILE%\Application Data\Ngen\WINWORD.EXE
- <Full path to file>
- 'ra#.####ubusercontent.com':443
- DNS ASK ra#.####ubusercontent.com
- ClassName: 'PROCMOM_WINDOW_CLASS' WindowName: ''
- '%ALLUSERSPROFILE%\Application Data\Ngen\WINWORD.EXE' -P2 "<Full path to file>"