Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\PowerManagement] 'Start' = '00000002'
- C:\Users\user\doc\Resource.exe
- <SYSTEM32>\ipconfig.exe /all
- <SYSTEM32>\cmd.exe /c RunDll.bat
- <SYSTEM32>\net1.exe start
- <SYSTEM32>\route.exe print
- <SYSTEM32>\systeminfo.exe
- <SYSTEM32>\attrib.exe c:\recycler +s +h
- <SYSTEM32>\cmd.exe /c ""c:\Users\user\doc\tgn.bat" "
- <SYSTEM32>\wscript.exe "c:\Users\user\doc\jsc.vbs"
- <SYSTEM32>\rundll32.exe <SYSTEM32>\shell32.dll,OpenAs_RunDLL c:\Users\user\doc\Twins going nude.pps
- <SYSTEM32>\net1.exe start PowerManagement
- <SYSTEM32>\attrib.exe c:\Users +s +h
- <SYSTEM32>\route.exe
- C:\Users\user\doc\Twins going nude.pps
- <SYSTEM32>\RunDll.bat
- <SYSTEM32>\Sysinfo.txt
- C:\Users\user\doc\jsc.vbs
- C:\Users\user\doc\Resource.exe
- C:\Users\user\doc\tgn.bat
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''