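Technical Information
The entries below are behavioural indicators; the section labels that normally separate them are missing from this copy. In order, they are: two autorun values under the HKLM Run key (both programs start at logon for every user), a list of file-system paths, one window class/name pair, and the command lines of launched processes. Many of the `%TEMP%\RarSFX0\`, `%WINDIR%\Installer\` and `C:\Config.Msi\` paths appear twice, so the list probably merges separate sections (for example, created and deleted files); the page does not say which is which. The command lines show `boomer.exe` running `boomer.cmd` from the self-extractor's temp folder, and `msiexec.exe /i "ProcessLasso.msi" /qb`, which is an MSI install with basic UI only. The `C:\System Volume Information\_restore{...}` paths are System Restore snapshot files, most likely written by the OS when the MSI install triggered a restore point rather than by the sample itself, so they have little value as detection indicators.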
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ProcessGovernor' = '"%ProgramFiles%\Process Lasso\ProcessGovernor.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ProcessLassoManagementConsole' = '"%ProgramFiles%\Process Lasso\ProcessLasso.exe /tray"'
- %TEMP%\RarSFX0\ProcessLasso.exe
- %ProgramFiles%\Process Lasso\InstallHelper.exe
- %ProgramFiles%\Process Lasso\ProcessLasso.exe.manifest
- %ProgramFiles%\Process Lasso\ProcessGovernor.exe.manifest
- %ProgramFiles%\Process Lasso\srvstub.exe
- %ProgramFiles%\Process Lasso\ProcessGovernor.exe
- %ProgramFiles%\Process Lasso\CPUEater.exe
- %ProgramFiles%\Process Lasso\ProcessLasso.exe
- %ProgramFiles%\Process Lasso\InstallHelper.exe.manifest
- C:\Config.Msi\235de.rbs
- %WINDIR%\Installer\MSI3.tmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.DATA
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING2.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING1.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING.VER
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.MAP
- %WINDIR%\Installer\235dd.ipi
- %ProgramFiles%\Process Lasso\MakeService.exe
- %ProgramFiles%\Process Lasso\plActivate.exe
- %ProgramFiles%\Process Lasso\ProcessGovernor.exe.manifest.normal
- %ProgramFiles%\Process Lasso\ProcessLasso.exe.manifest.normal
- %WINDIR%\Installer\{51C04006-2ABE-4A3D-BFA7-41D4CDB4348C}\CPUEater.exe
- %WINDIR%\Installer\{51C04006-2ABE-4A3D-BFA7-41D4CDB4348C}\ProcessLasso.exe
- %WINDIR%\Installer\{51C04006-2ABE-4A3D-BFA7-41D4CDB4348C}\stop_governor.exe
- %WINDIR%\Installer\{51C04006-2ABE-4A3D-BFA7-41D4CDB4348C}\start_governor.exe
- %WINDIR%\Installer\235df.msi
- %APPDATA%\ProcessLasso\prolasso.ini
- %ALLUSERSPROFILE%\Start Menu\Programs\Process Lasso\ProcessLasso.lnk
- %ALLUSERSPROFILE%\Desktop\ProcessLasso.lnk
- %ProgramFiles%\Process Lasso\TweakScheduler.exe
- %ProgramFiles%\Process Lasso\vistammsc.exe
- %ProgramFiles%\Process Lasso\stop-governor.bat
- %ProgramFiles%\Process Lasso\ProcessLasso.exe.manifest.highestAvailableRights
- %ProgramFiles%\Process Lasso\TestLasso.exe
- %ProgramFiles%\Process Lasso\start-governor.bat
- %ProgramFiles%\Process Lasso\ProcessGovernor.exe.manifest.highestAvailableRights
- %ProgramFiles%\Process Lasso\pl_rsrc_russian.dll
- %ProgramFiles%\Process Lasso\pl_rsrc_english.dll
- %ProgramFiles%\Process Lasso\QuickUpgrade.exe
- %WINDIR%\Installer\{51C04006-2ABE-4A3D-BFA7-41D4CDB4348C}\ProcessLasso_1.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.BTR
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\$WinMgmt.CFG
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\domain.txt
- %TEMP%\RarSFX0\MakeService.exe
- %TEMP%\RarSFX0\InstallHelper.exe.manifest
- %TEMP%\RarSFX0\InstallHelper.exe
- %TEMP%\RarSFX0\CPUEater.exe
- %TEMP%\RarSFX0\boomer.exe
- %TEMP%\RarSFX0\boomer.cmd
- %TEMP%\RarSFX0\vistammsc.exe
- %TEMP%\RarSFX0\TweakScheduler.exe
- %TEMP%\RarSFX0\TestLasso.exe
- %TEMP%\RarSFX0\stop-governor.bat
- %TEMP%\RarSFX0\start-governor.bat
- %TEMP%\RarSFX0\srvstub.exe
- %TEMP%\RarSFX0\QuickUpgrade.exe
- %TEMP%\RarSFX0\ProcessLasso.msi
- %TEMP%\RarSFX0\ProcessLasso.exe.manifest.normal
- %TEMP%\RarSFX0\ProcessLasso.exe.manifest.highestAvailableRights
- %TEMP%\RarSFX0\ProcessLasso.exe.manifest
- %TEMP%\RarSFX0\pl_rsrc_english.dll
- %TEMP%\RarSFX0\pl_rsrc_russian.dll
- %TEMP%\RarSFX0\plActivate.exe
- %TEMP%\RarSFX0\ProcessGovernor.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SAM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SYSTEM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SOFTWARE
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SECURITY
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_.DEFAULT
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-484763869-725345543-1003
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-484763869-725345543-1003
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
- %WINDIR%\Installer\MSI2.tmp
- %WINDIR%\Installer\MSI1.tmp
- %WINDIR%\Installer\235db.msi
- %TEMP%\RarSFX0\ProcessGovernor.exe.manifest.normal
- %TEMP%\RarSFX0\ProcessGovernor.exe.manifest.highestAvailableRights
- %TEMP%\RarSFX0\ProcessGovernor.exe.manifest
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\ComDb.Dat
- %WINDIR%\Installer\{51C04006-2ABE-4A3D-BFA7-41D4CDB4348C}\ProcessLasso_2.exe
- %WINDIR%\Installer\MSI1.tmp
- %TEMP%\RarSFX0\TestLasso.exe
- %TEMP%\RarSFX0\stop-governor.bat
- %TEMP%\RarSFX0\start-governor.bat
- %TEMP%\RarSFX0\srvstub.exe
- %TEMP%\RarSFX0\QuickUpgrade.exe
- %TEMP%\RarSFX0\ProcessLasso.msi
- %TEMP%\RarSFX0\ProcessLasso.exe.manifest.normal
- %TEMP%\RarSFX0\ProcessLasso.exe.manifest.highestAvailableRights
- %TEMP%\RarSFX0\ProcessLasso.exe.manifest
- %TEMP%\RarSFX0\ProcessLasso.exe
- %TEMP%\RarSFX0\ProcessGovernor.exe.manifest.normal
- %TEMP%\RarSFX0\ProcessGovernor.exe.manifest.highestAvailableRights
- %TEMP%\RarSFX0\ProcessGovernor.exe.manifest
- %TEMP%\RarSFX0\TweakScheduler.exe
- %TEMP%\RarSFX0\ProcessGovernor.exe
- %TEMP%\RarSFX0\pl_rsrc_english.dll
- %TEMP%\RarSFX0\plActivate.exe
- %TEMP%\RarSFX0\MakeService.exe
- %TEMP%\RarSFX0\InstallHelper.exe.manifest
- %TEMP%\RarSFX0\InstallHelper.exe
- %TEMP%\RarSFX0\CPUEater.exe
- %TEMP%\RarSFX0\boomer.exe
- %TEMP%\RarSFX0\boomer.cmd
- %WINDIR%\Installer\235dd.ipi
- %WINDIR%\Installer\235db.msi
- C:\Config.Msi\235de.rbs
- %WINDIR%\Installer\MSI3.tmp
- %WINDIR%\Installer\MSI2.tmp
- %TEMP%\RarSFX0\pl_rsrc_russian.dll
- %TEMP%\RarSFX0\vistammsc.exe
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\RarSFX0\boomer.exe' boomer.cmd
- '<SYSTEM32>\cmd.exe' /c boomer.cmd
- '<SYSTEM32>\msiexec.exe' /i "ProcessLasso.msi" /qb
- '<SYSTEM32>\msiexec.exe' /V
- '<SYSTEM32>\msiexec.exe' -Embedding 63D512B64203E1A3C18C74A7465E1512