Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\WinHelp] 'Start' = '00000002' (значение 'Start' = 2 задаёт автоматический запуск службы WinHelp при загрузке системы)
- %TEMP%\1.tmp\rs.exe
- %WINDIR%\regedit.exe /s key.reg
- <SYSTEM32>\ping.exe 127.0.0.1
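- <SYSTEM32>\shutdown.exe -t 1 -r -c "Oshybka Windows Systems" (перезагрузка системы через 1 секунду; текст в кавычках выводится пользователю как причина завершения работы)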
- <SYSTEM32>\reg.exe import key.reg
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\1.cmd" <Текущая директория>\"
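- <SYSTEM32>\attrib.exe +h +s <SYSTEM32>\WinHelp (каталогу присваиваются атрибуты «скрытый» и «системный», поэтому при стандартных настройках Проводника он не отображается)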
- <SYSTEM32>\reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Radmin" /f
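- <SYSTEM32>\WinHelp\rserver3.exe (судя по имени файла и по удалению ключа HKEY_LOCAL_MACHINE\SOFTWARE\Radmin выше, это может быть серверная часть Radmin; по одному лишь списку это не подтверждается — следует проверить сам файл)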
- <SYSTEM32>\WinHelp\WinLpcDl.dll
- %TEMP%\1.tmp\key.reg
- %TEMP%\1.tmp\1.cmd
- %TEMP%\1.tmp\rs.exe
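- %TEMP%\1.tmp\1.cmd (этот и два следующих пути повторяют уже перечисленные выше; вероятно, они относятся к другому разделу отчёта, заголовок которого в тексте не сохранился)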
- %TEMP%\1.tmp\key.reg
- %TEMP%\1.tmp\rs.exe
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''