Техническая информация
- Запись автозапуска в разделе реестра Run (значение 'HJS' указывает на полный путь к файлу): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'HJS' = '<Полный путь к файлу>'
- Командные строки процессов (cacls с параметрами /t /p everyone:f рекурсивно заменяет права группы Everyone на полный доступ к папкам автозагрузки; `echo y` автоматически подтверждает запрос cacls):
- '<SYSTEM32>\cmd.exe' /c echo y|Cacls "%ALLUSERSPROFILE%\Start Menu\Programs\Startup" /t /p everyone:f
- '<SYSTEM32>\cacls.exe' "%ALLUSERSPROFILE%\Start Menu\Programs\Startup" /t /p everyone:f
- '<SYSTEM32>\cacls.exe' "%HOMEPATH%\Start Menu\Programs\Startup" /t /p everyone:f
- '<SYSTEM32>\cmd.exe' /c echo y|Cacls "%HOMEPATH%\Start Menu\Programs\Startup" /t /p everyone:f
- '<SYSTEM32>\cmd.exe' /S /D /c" echo y"
- %WINDIR%\notepad.exe.new
- %ALLUSERSPROFILE%\Favorites\技术员系统下载.url
- %WINDIR%\taskman.exe.new
- <SYSTEM32>\dllcache\taskman.exe.new
- <SYSTEM32>\dllcache\notepad.exe.new
- %HOMEPATH%\Favorites\Links\技术员系统下载.url
- %HOMEPATH%\Favorites\Links\技术员网址导航.url
- %HOMEPATH%\Favorites\技术员网址导航.url
- %ALLUSERSPROFILE%\Favorites\技术员网址导航.url
- %HOMEPATH%\Favorites\技术员系统下载.url
- %WINDIR%\sleep.exe
- %WINDIR%\TASKMAN.EXE
- %WINDIR%\NOTEPAD.EXE
- %WINDIR%\sfk.exe