Техническая информация
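- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SYSTEM32' = '%WINDIR%\SYSTEM.EXE' (запись автозапуска: значение в ключе Run раздела HKLM запускает указанный файл при входе в систему любого пользователя; имя значения 'SYSTEM32' похоже на системное, но сам файл расположен в %WINDIR%, а не в <SYSTEM32>)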
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ /v SYSTEM32 /t REG_SZ /d "%WINDIR%\SYSTEM.EXE"
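- '<SYSTEM32>\reg.exe' delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ (в приведённом виде команда не содержит параметра /v, то есть относится ко всему ключу Run, а не к отдельному значению; при разборе инцидента стоит проверить, сохранились ли легитимные записи автозапуска)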
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\w.bat" "
- %WINDIR%\W.BAT
- %WINDIR%\SYSTEM.rar
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''