Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\IE] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\IE] 'ImagePath' = '%CommonProgramFiles%\Microsoft Shared\MSINFO\spoolsv.exe'
- <SYSTEM32>\calc.exe
- iexplore.exe
- %CommonProgramFiles%\microsoft shared\msinfo\spoolsv.exe
- <SYSTEM32>\_spoolsv.exe
- %CommonProgramFiles%\microsoft shared\msinfo\delet.bat
- %CommonProgramFiles%\microsoft shared\msinfo\spoolsv.exe
- <SYSTEM32>\_spoolsv.exe
- DNS ASK cz##fyl.cn
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'TCK2007409' WindowName: ''
- '%CommonProgramFiles%\microsoft shared\msinfo\spoolsv.exe'
- '<SYSTEM32>\cmd.exe' /c "%CommonProgramFiles%\Microsoft Shared\MSINFO\Delet.bat"' (со скрытым окном)
- '<SYSTEM32>\calc.exe'
- '%ProgramFiles%\internet explorer\iexplore.exe'
- '<SYSTEM32>\cmd.exe' /c "%CommonProgramFiles%\Microsoft Shared\MSINFO\Delet.bat"