Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ysjl' = '<SYSTEM32>\ysjl.exe'
- <SYSTEM32>\taskkill.exe -f -im reg.exe
- <SYSTEM32>\taskkill.exe -f -im cmd.exe
- <SYSTEM32>\ipconfig.exe /all
- <SYSTEM32>\reg.exe add Hkey_local_machine\software\microsoft\windows\currentversion\run /v ysjl /d "<SYSTEM32>\ysjl.exe
- <SYSTEM32>\ip.txt
- <SYSTEM32>\jl.txt
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''