Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '"C:\DOCUME~1\%USERNAME%\LOCALS~1\Temp\ir_ext_temp_0\AutoPlay\Docs\Dos Facebook.bat"' = '"%TEMP%\ir_ext_temp_0\AutoPlay\Docs\Dos Faceb...
- %WINDIR%\XXInstall\ps.exe
- %WINDIR%\Dos FB By Ahmed.exe
- %WINDIR%\Dos Fb.bat
- %TEMP%\ir_ext_temp_0\AutoPlay\Audio\Click1.ogg
- %TEMP%\ir_ext_temp_0\AutoPlay\Audio\High1.ogg
- %TEMP%\ir_ext_temp_0\AutoPlay\autorun.cdd
- %TEMP%\ir_ext_temp_0\AutoPlay\Docs\Dos Facebook.bat
- %TEMP%\ir_ext_temp_0\AutoPlay\Docs\fhe.bat
- %TEMP%\ir_ext_temp_0\AutoPlay\Icons\tunisia.ico
- %TEMP%\ir_ext_temp_0\AutoPlay\Images\f.png
- %TEMP%\ir_ext_temp_0\autorun.exe
- %TEMP%\ir_ext_temp_0\lua5.1.dll
- %TEMP%\ir_ext_temp_0\lua51.dll
- %TEMP%\ir_ext_temp_0\tunisia.ico
- ClassName: '' WindowName: 'Windows Task Manager'
- '%WINDIR%\Dos FB By Ahmed.exe'
- '%TEMP%\ir_ext_temp_0\autorun.exe' "SFXSOURCE:%WINDIR%\Dos FB By Ahmed.exe"
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\Dos Fb.bat" "
- '<SYSTEM32>\cmd.exe'
- '%WINDIR%\explorer.exe'
- '<SYSTEM32>\calc.exe'
- '<SYSTEM32>\taskmgr.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ir_ext_temp_0\AutoPlay\Docs\Dos Facebook.bat" "
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\ir_ext_temp_0\AutoPlay\Docs\Dos Facebook.bat"
- '%WINDIR%\XXInstall\ps.exe'