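Техническая информация
Список ниже, судя по формату записей, объединяет четыре группы индикаторов: значения в ключах автозапуска реестра, командные строки процессов, пути файлов и окна (ClassName/WindowName); подписи групп на странице отсутствуют. Имя файла rund1132.exe отличается от системного rundll32.exe только цифрами «1» на месте букв «l», а имя параметра 'advapi32' повторяет имя системной библиотеки, поэтому при проверке автозапуска следует сверять точное имя и полный путь файла. Путь вида '<SYSTEM32>%WINDIR%\…' приведён как в источнике и однозначно не раскрывается; символы «_» в имени ярлыка и «??» в заголовке окна, вероятно, заменяют утраченные символы не из ASCII.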
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce] 'advapi32' = '<SYSTEM32>%WINDIR%\rund1132.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunServices] 'advapi32' = '<SYSTEM32>%WINDIR%\rund1132.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'advapi32' = '<SYSTEM32>%WINDIR%\rund1132.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'advapi32' = '<SYSTEM32>%WINDIR%\rund1132.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'advapi32' = '<SYSTEM32>%WINDIR%\rund1132.exe'
- '<SYSTEM32>%WINDIR%\rund1132.exe'
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\kill.bat""
- '%WINDIR%\explorer.exe' <Имя диска съемного носителя>:\
- '%WINDIR%\explorer.exe' C:\
- %ALLUSERSPROFILE%\Start Menu\Programs\__ ____.lnk
- <Текущая директория>\kill.bat
- <SYSTEM32>%WINDIR%\rund1132.exe
- %TEMP%\~DF137F.tmp
- ClassName: '' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '(null)' WindowName: '??'
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'