Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'userinit' = '<SYSTEM32>\userinit.exe,<SYSTEM32>\ntos.exe,'
- <SYSTEM32>\ntos.exe
- ClassName: '' WindowName: 'Create rule for <File name>.exe'
- ClassName: '' WindowName: '??????? ??????? ??? <File name>.exe'
- ClassName: '' WindowName: '\u0421\u043e\u0437\u0434\u0430\u0442\u044c \u043f\u0440\u0430\u0432\u0438\u043b\u043e \u0434\u043b\u044f <File name>.exe'