Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\Microsoft.exe
- '%TEMP%\winrar501FrPr.exe'
- '<SYSTEM32>\net1.exe' user aspnet /delete
- '<SYSTEM32>\shutdown.exe' -r -f -t 150 -c " Sorry the system must Restart"
- '<SYSTEM32>\cmd.exe' /c %TEMP%\1.bat
- %TEMP%\winrar501FrPr.exe
- %TEMP%\aut3.tmp
- %TEMP%\1.bat
- %TEMP%\aut1.tmp
- %TEMP%\Microsoft.exe
- %TEMP%\aut2.tmp
- %TEMP%\aut3.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'