Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Windowscrawler] 'Start' = '00000002'
- C:\Users\userd\doc\winit.exe
- <SYSTEM32>\net1.exe start
- <SYSTEM32>\ipconfig.exe /all
- <SYSTEM32>\systeminfo.exe
- <SYSTEM32>\tasklist.exe
- <SYSTEM32>\route.exe print
- <SYSTEM32>\cmd.exe /c RunDll.bat
- <SYSTEM32>\cmd.exe /c ""c:\Users\userd\doc\ja.bat" "
- <SYSTEM32>\wscript.exe "c:\Users\userd\doc\jak.vbs"
- <SYSTEM32>\attrib.exe c:\Users +s +h
- <SYSTEM32>\attrib.exe c:\recycler +s +h
- <SYSTEM32>\net1.exe start Windowscrawler
- C:\Users\userd\doc\winit.exe
- <SYSTEM32>\RunDll.bat
- <SYSTEM32>\Sysinfo.txt
- C:\Users\userd\doc\123.doc
- C:\Users\userd\doc\ja.bat
- C:\Users\userd\doc\jak.vbs
- ClassName: 'WordPadClass' WindowName: ''
- ClassName: '' WindowName: 'The Wireshark Network Analyzer'
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''