Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\Sqlite.hta
- %HOMEPATH%\Start Menu\Programs\Startup\IDMan.lnk
- '<SYSTEM32>\cmd.exe' /c C:\Mic\c.bat
- '<SYSTEM32>\cacls.exe' %HOMEPATH%\AppData\Local\Microsoft\Windows\History /E /t /c /d Administrators
- '<SYSTEM32>\cmd.exe' /c cacls %HOMEPATH%\AppData\Local\Microsoft\Windows\History /E /t /c /d Administrators
- '%ProgramFiles%\Windows NT\Accessories\wordpad.exe' "C:\Mic\ll.doc"
- '%HOMEPATH%\AppData\Local\Microsoft\Windows\History\cscript.exe' %HOMEPATH%\AppData\Local\Microsoft\Windows\History\update.jse
- %HOMEPATH%\AppData\Local\Microsoft\Windows\History\idm.ico
- C:\Mic\c.bat
- %HOMEPATH%\AppData\Local\Microsoft\Windows\History\update.jse
- C:\Mic\ll.doc
- %HOMEPATH%\AppData\Local\Microsoft\Windows\History\cscript.exe
- C:\Mic\c.bat
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'WordPadClass' WindowName: ''