Technical Information (sandbox behaviour report: autorun registry values, dropped files, spawned processes and enumerated windows, as listed below)
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svchost.exe' = '%ALLUSERSPROFILE%\Start Menu\Programs\Startup\svchost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost.exe' = '%ALLUSERSPROFILE%\Start Menu\Programs\Startup\Microsoft 0ffice.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svchost.exe' = '%ALLUSERSPROFILE%\Start Menu\Programs\Startup\Microsoft 0ffice.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'TheReboot.exe' = '%ALLUSERSPROFILE%\Start Menu\Programs\Startup\The Reboot.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'TheReboot.exe' = '%ALLUSERSPROFILE%\Start Menu\Programs\Startup\The Reboot.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost.exe' = '%ALLUSERSPROFILE%\Start Menu\Programs\Startup\svchost.exe'
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\Microsoft 0ffice.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\svchost.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\The Reboot.exe
- '<SYSTEM32>\logonui.exe' /pid=2764
- '<SYSTEM32>\logonui.exe' /pid=1140
- '<SYSTEM32>\logonui.exe' /pid=3076
- '<SYSTEM32>\logonui.exe' /pid=3296
- '<SYSTEM32>\logonui.exe' /pid=2756
- '<SYSTEM32>\taskmgr.exe' /pid=3436
- '<SYSTEM32>\taskmgr.exe' /pid=3532
- '<SYSTEM32>\taskmgr.exe' /pid=284
- '<SYSTEM32>\taskmgr.exe' /pid=3896
- '<SYSTEM32>\logonui.exe' /pid=4052
- '<SYSTEM32>\taskmgr.exe' /pid=3696
- '<SYSTEM32>\logonui.exe' /pid=3812
- '<SYSTEM32>\logonui.exe' /pid=3940
- '<SYSTEM32>\taskmgr.exe' /pid=3492
- '<SYSTEM32>\taskmgr.exe' /pid=2536
- '<SYSTEM32>\logonui.exe' /pid=3872
- '<SYSTEM32>\logonui.exe' /pid=2824
- '<SYSTEM32>\logonui.exe' /pid=3508
- '<SYSTEM32>\taskmgr.exe' /status /shutdown
- '<SYSTEM32>\logonui.exe' /pid=3456
- '<SYSTEM32>\logonui.exe' /pid=3644
- '<SYSTEM32>\taskmgr.exe' /pid=3684
- '<SYSTEM32>\logonui.exe' /pid=3356
- '<SYSTEM32>\logonui.exe' /status /shutdown
- '<SYSTEM32>\taskmgr.exe'
- '<SYSTEM32>\taskmgr.exe' /pid=2976
- '<SYSTEM32>\logonui.exe'
- '<SYSTEM32>\logonui.exe' /pid=3504
- '<SYSTEM32>\taskmgr.exe' /pid=3428
- '<SYSTEM32>\logonui.exe' /pid=2572
- '<SYSTEM32>\taskmgr.exe' /pid=3732
- '<SYSTEM32>\taskmgr.exe' /pid=3116
- '<SYSTEM32>\logonui.exe' /pid=2404
- '<SYSTEM32>\taskmgr.exe' /pid=3828
- '<SYSTEM32>\taskmgr.exe' /pid=1724
- '<SYSTEM32>\taskmgr.exe' /pid=2768
- <SYSTEM32>\taskmgr.exe
- <SYSTEM32>\logonui.exe
- C:\The Reboot.exe
- %TEMP%\~DFBDC9.tmp
- %TEMP%\~DFFCE9.tmp
- %TEMP%\~DF7923.tmp
- %TEMP%\~DFEFFD.tmp
- %TEMP%\~DF399F.tmp
- %TEMP%\~DF3CCF.tmp
- %TEMP%\~DF3A66.tmp
- %TEMP%\~DF7847.tmp
- %TEMP%\~DFFADA.tmp
- %TEMP%\~DF7EBE.tmp
- %TEMP%\~DFB8E5.tmp
- %TEMP%\~DFF29C.tmp
- %TEMP%\~DF3362.tmp
- %TEMP%\~DFB3FB.tmp
- %TEMP%\~DF36E7.tmp
- %TEMP%\~DF73F7.tmp
- %TEMP%\~DF7161.tmp
- %TEMP%\~DF71CB.tmp
- %TEMP%\~DFB1F8.tmp
- %TEMP%\~DF309A.tmp
- %TEMP%\~DFB0A0.tmp
- %TEMP%\~DFF143.tmp
- %TEMP%\~DF637D.tmp
- %TEMP%\~DFA2BB.tmp
- %TEMP%\~DF2110.tmp
- %TEMP%\~DFA09A.tmp
- %TEMP%\~DFE0C7.tmp
- %TEMP%\~DFE4F8.tmp
- %TEMP%\~DFEDB5.tmp
- %TEMP%\~DF2B99.tmp
- %TEMP%\~DFAA0B.tmp
- %TEMP%\~DF2550.tmp
- %TEMP%\~DF66D1.tmp
- %TEMP%\~DF6FA6.tmp
- %TEMP%\~DFAF61.tmp
- %TEMP%\~DF3197.tmp
- %TEMP%\~DFB30A.tmp
- %TEMP%\~DFF20E.tmp
- %TEMP%\~DFF1B8.tmp
- %TEMP%\~DF1F56.tmp
- %TEMP%\~DF5D56.tmp
- %TEMP%\~DFCD70.tmp
- %TEMP%\~DF34FA.tmp
- %TEMP%\~DF7598.tmp
- %TEMP%\~DFF693.tmp
- %TEMP%\~DFDF70.tmp
- %TEMP%\~DF1B68.tmp
- %TEMP%\~DFA5BF.tmp
- %TEMP%\~DF2EE9.tmp
- %TEMP%\~DF6A86.tmp
- %TEMP%\~DF55B5.tmp
- %TEMP%\~DF44B3.tmp
- %TEMP%\~DF7E81.tmp
- %TEMP%\~DF7E0.tmp
- %TEMP%\~DF9098.tmp
- %TEMP%\~DFCCAF.tmp
- %TEMP%\~DFF8FC.tmp
- %TEMP%\~DF3F6F.tmp
- %TEMP%\~DFA38A.tmp
- %TEMP%\~DF3948.tmp
- %TEMP%\~DF69D2.tmp
- %TEMP%\~DF8FF8.tmp
- %TEMP%\~DFB3ED.tmp
- %TEMP%\~DFF68D.tmp
- %TEMP%\~DF7238.tmp
- %TEMP%\~DFDD52.tmp
- %TEMP%\~DF26DF.tmp
- %TEMP%\~DFA8D.tmp
- %TEMP%\~DF4409.tmp
- %TEMP%\~DFCE13.tmp
- %TEMP%\~DF525E.tmp
- %TEMP%\~DF8E77.tmp
- %TEMP%\~DF8061.tmp
- %TEMP%\~DF79F6.tmp
- %TEMP%\~DFB88B.tmp
- %TEMP%\~DF3C22.tmp
- %TEMP%\~DFC031.tmp
- %TEMP%\~DFFC2A.tmp
- %TEMP%\~DF6E36.tmp
- %TEMP%\~DFA67E.tmp
- %TEMP%\~DF3241.tmp
- %TEMP%\~DFBA12.tmp
- %TEMP%\~DFF4CD.tmp
- %TEMP%\~DFE2C1.tmp
- %TEMP%\~DFD762.tmp
- %TEMP%\~DF1492.tmp
- %TEMP%\~DF9A29.tmp
- %TEMP%\~DF2049.tmp
- %TEMP%\~DF5D15.tmp
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'StatusWindowClass' WindowName: '(null)'
- ClassName: '' WindowName: 'Windows Task Manager'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'