Техническая информация
- <SYSTEM32>\cmd.exe
- %TEMP%\1.tmp\2.tmp\3.bat
- %HOMEPATH%\My Documents\My Music\Test.exe
- %ProgramFiles%\%PSModulePath%\DePass_Micro.exe
- %ProgramFiles%\%PSModulePath%\svchost.exe
- %ProgramFiles%\%PSModulePath%\php5ts.dll
- %TEMP%\PSE20\a63b88baef8e78a623998061552bc6b4\php.ini
- %APPDATA%\Microsoft\Windows\System.sys
- %TEMP%\1.tmp\2.tmp\3.bat
- ClassName: 'EDIT' WindowName: ''
- '%HOMEPATH%\My Documents\My Music\Test.exe'
- '%ProgramFiles%\%PSModulePath%\svchost.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\2.tmp\3.bat" <Полный путь к файлу>"
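- '<SYSTEM32>\cmd.exe' /c "NetSh Advfirewall set allprofiles state off"
- '<SYSTEM32>\netsh.exe' Advfirewall set allprofiles state off
  (Примечание: эта команда отключает брандмауэр Windows для всех профилей — доменного, частного и общего.)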
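- '<SYSTEM32>\cmd.exe' /c "attrib +R +S +A +H %APPDATA%/Microsoft/Windows/System.sys"
- '<SYSTEM32>\attrib.exe' +R +S +A +H %APPDATA%/Microsoft/Windows/System.sys
  (Примечание: файлу System.sys назначаются атрибуты «только чтение», «системный», «архивный» и «скрытый», поэтому при настройках по умолчанию он не отображается в Проводнике.)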