Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{1HC5AU3ZD-654T-X3GU-GRC0-GF51AV7J1KYW}] 'StubPath' = '%CommonProgramFiles%\Microsoft Services\System Consoles\svc32.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '%WINDIR%\Explorer.exe "%CommonProgramFiles%\Microsoft Services\System Consoles\svc32.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'System Recovery' = '%CommonProgramFiles%\Microsoft Services\System Consoles\svc32.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'System Recovery' = '%CommonProgramFiles%\Microsoft Services\System Consoles\svc32.exe'
- <SYSTEM32>\rundll32.exe user32.dll,UpdatePerUserSystemParameters
- ecmd.exe
- %TEMP%\wall.html
- %TEMP%\warn.png
- %CommonProgramFiles%\Microsoft Services\System Consoles\svc32.exe
- ClassName: 'Indicator' WindowName: ''