Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'ccleaner' = 'cmd /c "start "ccleaner" "%ProgramFiles%\systemwin\system.exe"'
- '<SYSTEM32>\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "ccleaner" /d "cmd /c """start """ccleaner""" """%ProgramFiles%\systemwin\system.exe"""" /f"
- '<SYSTEM32>\schtasks.exe' /create /tn "ccleaner" /tr "'%ProgramFiles%\systemwin\system.exe' /startup" /sc MINUTE /f /rl highest
- <SYSTEM32>\schtasks.exe
- %APPDATA%\helper\Screenshots\04-15-2017\3.08 PM
- %ProgramFiles%\systemwin\system.exe
- 'cr###.viewdns.net':5555
- DNS ASK cr###.viewdns.net
- ClassName: 'Shell_TrayWnd' WindowName: ''