Техническая информация
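Записи автозапуска в реестре (ключ Run). Имя egui.exe совпадает с именем графического модуля ESET, поэтому при поиске следов сопоставляйте полный путь (каталог update) и имена параметров p30rayan1/p30rayan2, а не только имя файла:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'p30rayan2' = '"%PROGRAM_FILES% (x86)\update\egui.exe" -silent'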
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'p30rayan1' = '"%PROGRAM_FILES%\update\egui.exe" -silent'
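Запускаемые процессы и их командные строки (подзаголовок на исходной странице утрачен; группа определена по формату записей):
- '%TEMP%\RarSFX0\FS.exe'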
- '%TEMP%\RarSFX0\end.exe'
- '%TEMP%\RarSFX0\reg1_86.exe'
- '<SYSTEM32>\mode.com' CON: COLS=60 LINES=10
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX0\reg1.cmd" "
Пути к файлам (подзаголовок утрачен; по-видимому, это файлы, создаваемые при запуске образца):
- %TEMP%\RarSFX0\Run.bat
- %TEMP%\RarSFX0\end.exe
- %WINDIR%\64.bat
- %WINDIR%\wait.exe
- %WINDIR%\host.bat
- %TEMP%\RarSFX0\reg1_86.exe
- %TEMP%\RarSFX0\Activator.exe
- %TEMP%\RarSFX0\RunOnce.exe
- %TEMP%\RarSFX0\FS.exe
- %TEMP%\RarSFX0\reg1_64.exe
- %TEMP%\RarSFX0\reg1.cmd
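Окна, к которым обращается образец, — класс и заголовок (подзаголовок утрачен; вероятно, это поиск окон):
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'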
- ClassName: 'EDIT' WindowName: '(null)'