Техническая информация
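- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe] 'debugger' = 'drmsvc.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibhost.exe] 'debugger' = 'drmsvc.exe'
  (Параметр 'debugger' в ключе Image File Execution Options заставляет Windows при запуске указанного файла запускать вместо него заданную программу, передавая ей путь к исходному файлу как аргумент. Поэтому при вызове sethc.exe (обработчик залипания клавиш, доступный в том числе с экрана входа в систему) или ibhost.exe будет выполняться drmsvc.exe. Эти значения записываются командами reg.exe, перечисленными ниже. Для обнаружения следует отслеживать создание и изменение параметра 'debugger' в этом ключе реестра.)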
- <Текущая директория>\SH.bat
- <Текущая директория>\U.bat
- <Текущая директория>\prop.exe
- ClassName: 'EDIT' WindowName: ''
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\U.bat" "
- '<SYSTEM32>\chcp.com' 1251
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\SH.bat" "
- '<SYSTEM32>\attrib.exe' -h -s -r <SYSTEM32>\dllcache
- '<SYSTEM32>\net.exe' user ontar /DELETE
- '<SYSTEM32>\net1.exe' user ontar /DELETE
- '<SYSTEM32>\reg.exe' Add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v "debugger" /t REG_SZ /d "drmsvc.exe" /f
- '<SYSTEM32>\reg.exe' Add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibhost.exe" /v "debugger" /t REG_SZ /d "drmsvc.exe" /f