Техническая информация
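- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WindosUpdate' = 'C:\$Recycle.Bin\firefox.exe' (запись автозапуска; имя параметра 'WindosUpdate' приведено как есть, с опечаткой — при поиске по реестру сопоставляйте именно это написание; файл firefox.exe расположен в C:\$Recycle.Bin, а не в каталоге установки браузера)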
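- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CurrentVersion\Policies\Associations" /v "Default File TypeRisk" /f /t "REG_DWORD" /d "6151" (имя параметра записано с пробелами, как в командной строке образца; документированный параметр политики диспетчера вложений называется DefaultFileTypeRisk, где 6151 соответствует среднему уровню риска, поэтому фактическое влияние этой записи на систему следует проверять отдельно)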
- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindosUpdate" /f /t "REG_SZ" /d "C:\$Recycle.Bin\firefox.exe"
- <SYSTEM32>\xcopy.exe firefox.exe C:\Users\Fronky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
- <SYSTEM32>\taskkill.exe /F /im taskmgr.exe
- <SYSTEM32>\ping.exe localhost -n 1
- <SYSTEM32>\notepad.exe
- <SYSTEM32>\taskkill.exe /F /im taskmgr.exe /T
- <SYSTEM32>\mode.com 500
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\firefox.bat" "
- <SYSTEM32>\xcopy.exe firefox.exe C:\$Recycle.Bin
- <SYSTEM32>\ping.exe localhost -n 2
- <SYSTEM32>\taskkill.exe /F /Im explorer.exe
- %WINDIR%\Explorer.EXE
- %TEMP%\1.tmp\firefox.bat
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''