Техническая информация
- Автозапуск (значение в ключе реестра Run): [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Hkcmd' = '%HOMEPATH%\Documents\log\log.exe'
- %WINDIR%\microsoft.net\framework\v2.0.50727\msbuild.exe
- %WINDIR%\microsoft.net\framework\v2.0.50727\msbuild.exe
- %HOMEPATH%\documents\log\log.exe
- %APPDATA%\chrome.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'Hkcmd' -Value '%HOMEPATH%\Documents\log\log.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Start-Sleep -Seconds 1; Start-Process -FilePath '%HOMEPATH%\Documents\log\log.exe'
- '%HOMEPATH%\documents\log\log.exe'
- '%APPDATA%\chrome.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'Hkcmd' -Value '%HOMEPATH%\Documents\log\log.exe' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Start-Sleep -Seconds 1; Start-Process -FilePath '%HOMEPATH%\Documents\log\log.exe' (со скрытым окном)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\msbuild.exe'