Техническая информация
- [<HKLM>\SOFTWARE\Classes\Applications\NOTEPADS.EXE\shell\open\command] '' = ''
- [<HKLM>\SOFTWARE\Classes\Applications\notepad.exe\shell\open\command] '' = ''
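- [<HKLM>\SOFTWARE\Classes\txtfile\shell\open\command] '' = '%PROGRAM_FILES%\Windows NT\NOTEPADS.EXE %1'
  (Примечание: обработчик открытия класса txtfile указывает на NOTEPADS.EXE, а не на штатный notepad.exe, поэтому открытие любого файла, связанного с этим классом (по умолчанию .txt), запускает NOTEPADS.EXE. При проверке и очистке системы это значение следует сверить со штатным и восстановить.)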
- C:\2.exe auto
- %WINDIR%\regedit.exe -s C:\reg1.reg
- <SYSTEM32>\cmd.exe /c C:\ini.bat
- %WINDIR%\regedit.exe -s C:\reg.reg
- <SYSTEM32>\cmd.exe /c C:\star.bat
- C:\star.bat
- C:\reg1.reg
- C:\ini.bat
- %PROGRAM_FILES%\Windows NT\NOTEPADS.EXE
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\tongji[1].asp
- C:\2.exe
- C:\reg.reg
- C:\reg1.reg
- C:\2.exe
- C:\reg.reg
- 'ra###.pybao.net':80
- 'localhost':1035
- ra###.pybao.net/tongji.asp?ma###################################
- DNS ASK ra###.pybao.net
- ClassName: 'RegEdit_RegEdit' WindowName: ''