Техническая информация
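- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'slear.exe' = '<SYSTEM32>\slear.exe' (запись в ключе автозапуска Run текущего пользователя: указанный файл запускается при каждом входе этого пользователя в систему)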
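- '<SYSTEM32>\net1.exe' user FFPXOMEV slear (команда net user с именем учётной записи и паролем: учётной записи FFPXOMEV задаётся пароль «slear»; новый пароль передаётся открытым текстом в командной строке, поэтому он виден в журналах создания процессов, если включена запись командной строки)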
- '<SYSTEM32>\LogonUI.exe' /flags:0x0
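- '<SYSTEM32>\shutdown.exe' -s -t 0 (завершение работы системы без задержки; в сочетании со сменой пароля учётной записи выше это, по-видимому, означает, что после следующего включения войти с прежним паролем не удастся)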
- <SYSTEM32>\slear.exe
- ClassName: 'CicLoaderWndClass' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'