Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Startname' = '%ProgramFiles(x86)%\1.exe'
- %WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe
- %ProgramFiles(x86)%\1.exe
- http://www.we##ite.com/download.html (символы ## заменяют часть имени домена; полный адрес на странице не приведён)
- DNS ASK we##ite.com
- ClassName: 'DDEMLMom' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'Static' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /C REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Startname" /t REG_SZ /d "%ProgramFiles(x86)%\1.exe" /f (со скрытым окном)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe'
- '%WINDIR%\syswow64\cmd.exe' /C REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Startname" /t REG_SZ /d "%ProgramFiles(x86)%\1.exe" /f
- '%WINDIR%\syswow64\reg.exe' ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Startname" /t REG_SZ /d "%ProgramFiles(x86)%\1.exe" /f