Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\start.exe.lnk
- %TEMP%\start.exe
- %TEMP%\ztmp\t20110.bat
- %TEMP%\ztmp\t20159.exe
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\start.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ztmp\t20110.bat" "%TEMP%\start.exe" "
- '<SYSTEM32>\schtasks.exe' /Create /SC MINUTE /MO 1 /TN "Update" /TR "%APPDATA%\update\xivy.exe"