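Техническая информация
По-видимому, заголовки групп в этом фрагменте не сохранились. По содержимому строк ниже перечислены: значение автозапуска в ключе Run, команда принудительного завершения процесса SystemMonitor.exe, пути к файлам в каталоге C:\sysmonitor (два списка; какое действие относится к каждому из них, из текста не видно), параметры окон (ClassName/WindowName) и командные строки запускаемых процессов.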
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SysMonitor' = 'C:\SysMonitor\SystemMonitor.exe'
- '<SYSTEM32>\taskkill.exe' /IM SystemMonitor.exe /F /T
- C:\sysmonitor\cfg
- C:\sysmonitor\systemmonitor.exe
- C:\sysmonitor\ie_home.bat
- C:\sysmonitor\runonce.cmd
- C:\sysmonitor\sqlite3.dll
- C:\sysmonitor\uninstall.cmd
- C:\sysmonitor\cfg
- C:\sysmonitor\ie_home.bat
- C:\sysmonitor\runonce.cmd
- C:\sysmonitor\sqlite3.dll
- C:\sysmonitor\uninstall.cmd
- ClassName: 'EDIT' WindowName: ''
- ClassName: '' WindowName: ''
- 'C:\sysmonitor\systemmonitor.exe'
- '<SYSTEM32>\cmd.exe' /c ""C:\SysMonitor\ie_home.bat" http://www.li###at.com"' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""C:\SysMonitor\runonce.cmd" "
- '<SYSTEM32>\reg.exe' ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v SysMonitor /d "C:\SysMonitor\SystemMonitor.exe" /f
- '<SYSTEM32>\cmd.exe' /c ""C:\SysMonitor\ie_home.bat" http://www.li###at.com"
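- '<SYSTEM32>\reg.exe' ADD "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /d "http://www.li##kat.com" /f
Примечание: домен на странице замаскирован символами # двумя разными способами (li###at.com и li##kat.com); судя по всему, это один и тот же адрес. Приведённая выше команда reg.exe записывает его в значение «Start Page» Internet Explorer, то есть подменяет стартовую страницу браузера для текущего пользователя.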