Техническая информация
Изменения в реестре (значения в ключе Run обеспечивают автозапуск при входе пользователя в систему):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'prosystem2' = '%WINDIR%\inf.cmd'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'prosystem' = '%WINDIR%\vi.vbs'
Файл во временном каталоге (запускается через cmd.exe, см. список ниже):
- %TEMP%\1.tmp\2.bat
Запускаемые процессы (копирование inf.cmd и vi.vbs в %WINDIR% и в папку автозагрузки, запись значений автозапуска в реестр):
- '<SYSTEM32>\xcopy.exe' /q /y com\inf.cmd %WINDIR%
- '<SYSTEM32>\reg.exe' ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V prosystem /T REG_SZ /D %WINDIR%\vi.vbs /F
- '<SYSTEM32>\reg.exe' ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V prosystem2 /T REG_SZ /D %WINDIR%\inf.cmd /F
- '<SYSTEM32>\xcopy.exe' /q /y com\vi.vbs %WINDIR%
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\2.bat" <Полный путь к файлу>"
- '<SYSTEM32>\xcopy.exe' /q /y com\inf.cmd "%HOMEPATH%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
- '<SYSTEM32>\xcopy.exe' /q /y com\vi.vbs "%HOMEPATH%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"