Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'test' = '%APPDATA%\windows explorer.exe'
- %TEMP%\_mei24762\microsoft.vc90.crt.manifest
- %TEMP%\_mei24762\_hashlib.pyd
- %TEMP%\_mei24762\_socket.pyd
- %TEMP%\_mei24762\_ssl.pyd
- %TEMP%\_mei24762\bz2.pyd
- %TEMP%\_mei24762\like.exe.manifest
- %TEMP%\_mei24762\msvcm90.dll
- %TEMP%\_mei24762\msvcp90.dll
- %TEMP%\_mei24762\msvcr90.dll
- %TEMP%\_mei24762\python27.dll
- %TEMP%\_mei24762\select.pyd
- %TEMP%\_mei24762\unicodedata.pyd
- %TEMP%\_mei24762\include\pyconfig.h
- %APPDATA%\windows explorer.exe
- %TEMP%\_mei24762\bz2.pyd
- %TEMP%\_mei24762\include\pyconfig.h
- %TEMP%\_mei24762\like.exe.manifest
- %TEMP%\_mei24762\microsoft.vc90.crt.manifest
- %TEMP%\_mei24762\msvcm90.dll
- %TEMP%\_mei24762\msvcp90.dll
- %TEMP%\_mei24762\msvcr90.dll
- %TEMP%\_mei24762\python27.dll
- %TEMP%\_mei24762\select.pyd
- %TEMP%\_mei24762\unicodedata.pyd
- %TEMP%\_mei24762\_hashlib.pyd
- %TEMP%\_mei24762\_socket.pyd
- %TEMP%\_mei24762\_ssl.pyd
- '<LOCALNET>.204.132':4444
- '<SYSTEM32>\cmd.exe' /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v test /t REG_SZ /d "%APPDATA%\windows explorer.exe""' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v test /t REG_SZ /d "%APPDATA%\windows explorer.exe""
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v test /t REG_SZ /d "%APPDATA%\windows explorer.exe"