Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wmssetup' = '<SYSTEM32>\rundll32.exe "%ProgramFiles%\Windows Media Player\wmssetup.dll",LaunchProcessInputFiles'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'ASYNCMAC' = 'rundll32.exe streamci,StreamingDeviceSetup {eeab7790-c514-11d1-b42b-00805fc1270e},asyncmac,{ad498944-762f-11d0-8dcb-00c0...
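- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Zm' = 'Deploy.exe -Go2Desktop' (в отличие от остальных записей этого списка, которые вызывают <SYSTEM32>\rundll32.exe с библиотеками компонентов Windows, здесь в ключе Run указан Deploy.exe без полного пути; при проверке автозагрузки следует установить, какой именно файл запускается по этому значению)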
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'iessetup' = '<SYSTEM32>\rundll32.exe "%ProgramFiles%\Internet Explorer\iessetup.dll",LaunchProcessInputFiles'
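- '<SYSTEM32>\cmd.exe' /c ping 127.0.0.1 -n 2&del /q "<Полный путь к файлу>" (ping по адресу 127.0.0.1 служит здесь задержкой перед командой del; по-видимому, так удаляется исходный файл после запуска, поэтому на диске его может не оказаться, и восстанавливать цепочку событий придётся по журналам создания процессов)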
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 2
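- '<SYSTEM32>\cmd.exe' /c takeown /f "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" && icacls "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" /grant administrators:F /t (смена владельца и выдача группе administrators полного доступа к общей папке автозагрузки со всем её содержимым; запуск takeown и icacls для каталогов Startup нетипичен для обычной работы системы и подходит в качестве признака для правил обнаружения)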
- '<SYSTEM32>\cmd.exe' /c takeown /f "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" && icacls "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star...
- %TEMP%\aut2.tmp
- %TEMP%\2832xbbgorf
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- %TEMP%\2832xbbgorf
- %TEMP%\aut1.tmp
- ClassName: 'Shell_TrayWnd' WindowName: ''