Техническая информация
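- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'sysstart' = '%WINDIR%\unstat.vbs' (ключ автозапуска: скрипт запускается при каждом входе пользователя в систему; эту же запись создаёт команда reg.exe add, приведённая ниже)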
- <SYSTEM32>\find.exe /i "iexplore.exe"
- <SYSTEM32>\taskkill.exe /f /im "iexplore.exe"
- <SYSTEM32>\reg.exe add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v sysstart /t REG_SZ /d %WINDIR%\unstat.vbs /f
- <SYSTEM32>\tasklist.exe
- iexplore.exe (судя по команде taskkill выше — процесс, который принудительно завершается)
- %WINDIR%\unstat.vbs
- %TEMP%\sl.vbs
- %TEMP%\bt7107.bat
- %TEMP%\bt7107.bat
- ClassName: '' WindowName: ''