Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AUTORUN' = '%WINDIR%\autorun.exe'
- %WINDIR%\autorun.exe
- <SYSTEM32>\reg.exe add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v AUTORUN /t REG_SZ /d %WINDIR%\autorun.exe /f"
- <SYSTEM32>\cmd.exe /c ""%ALLUSERSPROFILE%\1.bat" /start"
- <SYSTEM32>\wscript.exe "%ALLUSERSPROFILE%\1.vbs"
- %ALLUSERSPROFILE%\autorun.exe
- %WINDIR%\autorun.exe
- %ALLUSERSPROFILE%\1.bat
- %ALLUSERSPROFILE%\1.vbs
- 'ds##.3322.org':7558
- DNS ASK ds##.3322.org
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''