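Техническая информация
Ниже приведены: запись автозапуска в реестре (ключ Run в HKCU), пути к файлам и командные строки запускаемых процессов. Подзаголовки разделов в этой копии, по-видимому, не сохранились, поэтому назначение повторяющихся списков файлов по этому тексту установить нельзя.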
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Tests.exe' = '%TEMP%\Tests.exe'
- tests.exe
- %TEMP%\tests.exe
- %APPDATA%\ged.exe
- %TEMP%\tmp1.tmp.vbs
- %TEMP%\tmp2.tmp.vbs
- %TEMP%\tmp3.tmp.vbs
- %TEMP%\tmp4.tmp.vbs
- %TEMP%\tmp5.tmp.vbs
- %TEMP%\tmp6.tmp.vbs
- %TEMP%\tmp1.tmp.vbs
- %APPDATA%\ged.exe
- %TEMP%\tmp2.tmp.vbs
- %TEMP%\tmp3.tmp.vbs
- %TEMP%\tmp4.tmp.vbs
- %TEMP%\tmp5.tmp.vbs
- %TEMP%\tmp6.tmp.vbs
- %APPDATA%\ged.exe
- '%TEMP%\tests.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\tmp1.tmp.vbs"
- '%APPDATA%\ged.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\tmp2.tmp.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\tmp3.tmp.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\tmp4.tmp.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\tmp5.tmp.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\tmp6.tmp.vbs"
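- '<SYSTEM32>\schtasks.exe' /create /sc onlogon /rl highest /tn ged.exe /tr "%APPDATA%\ged.exe' (со скрытым окном)
  Команда создаёт задачу планировщика с именем ged.exe, которая запускает %APPDATA%\ged.exe при входе в систему (/sc onlogon) с наивысшими правами (/rl highest), — это второй механизм закрепления помимо ключа Run. Завершающий апостроф после ged.exe, по-видимому, относится к оформлению страницы, а не к самой командной строке: ниже та же команда приведена без него.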
- '<SYSTEM32>\wbem\wmiapsrv.exe'
- '<SYSTEM32>\schtasks.exe' /create /sc onlogon /rl highest /tn ged.exe /tr "%APPDATA%\ged.exe
- '<SYSTEM32>\wscript.exe' "%TEMP%\tmp7.tmp.vbs"