Техническая информация
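- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Program' = 'С:\Windows\Windows\run.bat /autorun'
  (Примечание: судя по всему, первая буква пути в значении — кириллическая «С», а не латинская «C»; значение приведено как в источнике. Правила поиска, рассчитанные на точное совпадение с латинским «C:\Windows», такую запись могут не найти.)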
- '<SYSTEM32>\wscript.exe' "%WINDIR%\Windows\1.vbs"
- '%TEMP%\RarSFX1\System.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\RarSFX2\auto1.vbs"
- '%TEMP%\RarSFX0\Nvidia.exe' -p12345
- '%TEMP%\RarSFX1\Support.exe'
- '%WINDIR%\Windows\1.exe'
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\Windows\run.bat" "
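- %WINDIR%\Windows\WindowsSupp0rt.exe (в имени цифра «0»; строка не совпадает с WindowsSupport.exe ниже, при поиске следует учитывать оба варианта)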
- %WINDIR%\Windows\1.exe
- %WINDIR%\Windows\run.bat
- %TEMP%\RarSFX2\auto1.vbs
- %WINDIR%\Windows\1.vbs
- %WINDIR%\Windows\WindowsSupport.exe
- %TEMP%\RarSFX1\System.exe
- %TEMP%\RarSFX1\Support.exe
- %TEMP%\RarSFX0\Nvidia.exe
- %WINDIR%\Windows\pool 64bit.bat
- %WINDIR%\Windows\pool 32bit.bat
- %WINDIR%\Windows\pools.txt
- %TEMP%\RarSFX2\auto1.vbs
- ClassName: 'EDIT' WindowName: ''