Техническая информация
Автозапуск — ярлык в папке автозагрузки пользователя:
- %HOMEPATH%\Start Menu\Programs\Startup\check.lnk
Запускаемые процессы (командные строки):
- '<SYSTEM32>\wscript.exe' "C:\ProgramData\system32\check.vbs"
- '<SYSTEM32>\find.exe' /I "CrashHandlerService.exe"
- '<SYSTEM32>\tasklist.exe' /FI "ImageName EQ Taskmgr.exe "
- '<SYSTEM32>\find.exe' /I "Taskmgr.exe "
- '<SYSTEM32>\cmd.exe' /c ""C:\ProgramData\System32\check.cmd" "
- '<SYSTEM32>\tasklist.exe' /FI "ImageName EQ CrashHandlerService.exe"
- '<SYSTEM32>\cmd.exe' /c ""C:\ProgramData\System32\exp.cmd" "
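Файлы в каталоге C:\ProgramData\system32 — это не системный каталог <SYSTEM32>, а каталог с похожим именем внутри ProgramData. Список ниже приведён дважды; заголовки разделов в тексте не сохранились, поэтому к каким операциям с файлами относится каждый из списков, по этой странице установить нельзя:
- C:\ProgramData\system32\000.lnk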
- C:\ProgramData\system32\config.json
- C:\ProgramData\system32\runny.vbs
- C:\ProgramData\system32\check.vbs
- C:\ProgramData\system32\exp.cmd
- C:\ProgramData\system32\check.cmd
- C:\ProgramData\system32\CrashHandlerService.exe
- C:\ProgramData\system32\runny.cmd
- C:\ProgramData\system32\000.lnk
- C:\ProgramData\system32\config.json
- C:\ProgramData\system32\runny.vbs
- C:\ProgramData\system32\check.vbs
- C:\ProgramData\system32\exp.cmd
- C:\ProgramData\system32\check.cmd
- C:\ProgramData\system32\CrashHandlerService.exe
- C:\ProgramData\system32\runny.cmd
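Окна (класс и заголовок окна); заголовок раздела не сохранился, предположительно это окна, которые ищет образец:
- ClassName: 'Shell_TrayWnd' WindowName: ''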
- ClassName: 'EDIT' WindowName: ''