Техническая информация
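Закрепление в системе — параметр автозапуска в реестре (для записи в HKCU права администратора не требуются):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'sys32startup' = '%TEMP%\majukas.exe'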
Файл, связанный с образцом (выполняемая над ним операция на странице не указана):
- %TEMP%\system32log.log
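Запускаемые процессы (32-разрядные cmd.exe и reg.exe из syswow64; строки с cmd.exe и reg.exe, по-видимому, попарно описывают одно и то же действие — оболочку и вызванную ею утилиту):
- '%WINDIR%\syswow64\cmd.exe' /c REG QUERY HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v sys32startup
- '%WINDIR%\syswow64\reg.exe' QUERY HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v sys32startup
- '%WINDIR%\syswow64\cmd.exe' /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v sys32startup /t REG_SZ /d %TEMP%\majukas.exe
- '%WINDIR%\syswow64\reg.exe' ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v sys32startup /t REG_SZ /d %TEMP%\majukas.exe
- '%WINDIR%\syswow64\cmd.exe' /c move majukas.exe %LOCALAPPDATA%\Temp
- '%WINDIR%\syswow64\cmd.exe' /c del /F /Q majukas.exe
Примечание: %LOCALAPPDATA%\Temp обычно совпадает с %TEMP%, то есть файл перемещается в тот каталог, на который указывает параметр sys32startup. Для обнаружения полезно отслеживать запись через reg.exe в ключ Run значения, указывающего на исполняемый файл в %TEMP%.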