Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'MsWord' = 'cmd /c "start "MsWord" "%ProgramFiles%\Msconfig\config.exe"'
- '<SYSTEM32>\schtasks.exe' /create /NP /sc onlogon /tn "MsWord" /rl highest /tr "'%ProgramFiles%\Msconfig\config.exe' /startup" /f
- '<SYSTEM32>\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "MsWord" /d "cmd /c """start """MsWord""" """%ProgramFiles%\Msconfig\config.exe"""" /f"
- <SYSTEM32>\reg.exe
- %APPDATA%\client\Screenshots\02-02-2017\4.05 PM
- %ProgramFiles%\Msconfig\config.exe
- 'pa####by.myftp.biz':3366
- DNS ASK pa####by.myftp.biz