Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'dhj.vbs' = '%PROGRAM_FILES%\dhj\dhj.vbs'
- %HOMEPATH%\Start Menu\Programs\Startup\dhj.vbs
- %WINDIR%\Tasks\At1.job
- '%WINDIR%\dhj.exe'
- '<SYSTEM32>\at.exe' 20:00 /every:M,T,W,Th,F,S,Su %WINDIR%\dhj.exe
- '<SYSTEM32>\wscript.exe' "%PROGRAM_FILES%\dhj\dhj.vbs"
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\Task plan.cmd" h"
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\Task plan.cmd" "
- '<SYSTEM32>\mshta.exe' vbscript:createobject("wscript.shell").run("""Task plan.cmd"" h",0)(window.close)
- %PROGRAM_FILES%\dhj\dhj.vbs
- %WINDIR%\Task plan.cmd
- %WINDIR%\dhj.exe
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'