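Техническая информация
Ниже без подзаголовков перечислены индикаторы четырёх видов: значение автозапуска в реестре, командные строки запускаемых процессов, пути к файлам и классы окон. Судя по этим записям, закрепление в системе выполняется двумя способами: значением 'system' в ключе HKCU\Software\Microsoft\Windows\CurrentVersion\Run и задачей планировщика "GoogleUpdate", которая каждые 15 минут запускает c:\ProgramData\app\updater.exe. Задача "Google" каждые 44 минуты принудительно завершает процесс updater.exe (taskkill /f /t). Обе задачи создаются в двух вариантах: от имени текущего пользователя и с параметром /RU SYSTEM. При проверке узла имеет смысл искать именно эти имена задач, значение Run и файлы по указанным путям: названия "Google" и "GoogleUpdate" похожи на имена легитимного ПО, поэтому сверять нужно строку запуска задачи, а не только её имя.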
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'system' = 'c:\ProgramData\app\updater.exe'
- '<SYSTEM32>\schtasks.exe' /create /tn "Google" /tr "taskkill /f /t /im updater.exe" /sc MINUTE /MO 44 /F
- '<SYSTEM32>\schtasks.exe' /create /tn "GoogleUpdate" /tr "c:\ProgramData\app\updater.exe" /sc MINUTE /MO 15 /RU SYSTEM /F
- '<SYSTEM32>\reg.exe' add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v system /d "c:\ProgramData\app\updater.exe" /t REG_SZ /f
- '<SYSTEM32>\schtasks.exe' /create /tn "Google" /tr "taskkill /f /t /im updater.exe" /sc MINUTE /MO 44 /RU SYSTEM /F
- '%TEMP%\cp.exe'
- '%TEMP%\Dumpper v.80.9.exe'
- '<SYSTEM32>\schtasks.exe' /create /tn "GoogleUpdate" /tr "c:\ProgramData\app\updater.exe" /sc MINUTE /MO 15 /F
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\2.bat" "%TEMP%\cp.exe""
- %TEMP%\1.tmp\updater.exe
- C:\ProgramData\app\updater.exe
- %TEMP%\1.tmp\2.bat
- %TEMP%\Dumpper v.80.9.exe
- %TEMP%\cp.exe
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''