Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe] 'debugger' = 'taskmgr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ftp.exe] 'debugger' = '126aaza31.caz'
- %WINDIR%\Help\wk\mscorsvw.exe
- %WINDIR%\Help\wk\brighter.exe
- %WINDIR%\Help\wk\1.bat
- %WINDIR%\Help\wk\mscorsvw.ini
- %WINDIR%\Help\wk\pools.txt
- %WINDIR%\Help\wk\fuwu.bat
- %WINDIR%\Help\wk\mscorsvw.exe
- ClassName: 'EDIT' WindowName: ''
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\Help\wk\fuwu.bat" "
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v AUOptions /t REG_DWORD /d 4 /f
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v ElevateNonAdmins /t REG_DWORD /d 1 /f
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v IncludeRecommendedUpdates /t REG_DWORD /d 1 /f
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v debugger /t REG_SZ /d "taskmgr.exe" /f
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ftp.exe" /v debugger /t REG_SZ /d "126aaza31.caz" /f