Техническая информация
Запись автозапуска в реестре:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ctfmon.exe' = '<SYSTEM32>\ctfmon.exe'
Командные строки процессов:
- '<SYSTEM32>\cmd.exe' /c reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v ctfmon.exe /d <SYSTEM32>\ctfmon.exe
- '<SYSTEM32>\reg.exe' delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /va /f
- '<SYSTEM32>\reg.exe' add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v ctfmon.exe /d <SYSTEM32>\ctfmon.exe
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /f
- '<SYSTEM32>\cmd.exe' /c reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /f
- '<SYSTEM32>\cmd.exe' /c reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /va /f
- '<SYSTEM32>\cmd.exe' /c devmgmt.msc
- '<SYSTEM32>\reg.exe' delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /va /f
- '<SYSTEM32>\cmd.exe' /c reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /va /f
- '<SYSTEM32>\mmc.exe' "<SYSTEM32>\devmgmt.msc"