Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\taskmon] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\taskmon] 'ImagePath' = '%ALLUSERSPROFILE%\Application Data\tasksvc.exe'
- %ALLUSERSPROFILE%\Application Data\taskmon.exe
- %ALLUSERSPROFILE%\Application Data\tasksvc.exe
- %ALLUSERSPROFILE%\Application Data\taskmon.exe
- %ALLUSERSPROFILE%\Application Data\tasksvc.exe
- '%ALLUSERSPROFILE%\Application Data\tasksvc.exe'
- '%ALLUSERSPROFILE%\Application Data\taskmon.exe'