Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'fuckingsska' = 'C:\1.exe'
- '<SYSTEM32>\shutdown.exe' -s -t 0
- '<SYSTEM32>\reg.exe' ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v fuckingsska /t REG_SZ /d "C:\1.exe" /f
- '<SYSTEM32>\cmd.exe' /c ""C:\start.bat" "
- C:\start.bat
- C:\1.exe
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'