Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'alltaskhost' = '<Current directory>\vcredist_x86_2012.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe] 'debugger' = 'null'
- ClassName: '#32770' WindowName: 'Windows ?????'
- '%WINDIR%\syswow64\reg.exe' add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe" /v debugger /d null /f (with hidden window)
- '%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v alltaskhost /d "<Current directory>\vcredist_x86_2012.exe" /f (with hidden window)
- '%WINDIR%\syswow64\reg.exe' add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe" /v debugger /d null /f
- '%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v alltaskhost /d "<Current directory>\vcredist_x86_2012.exe" /f