Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Spawn' = '"C:\ProgramData\data\startup.exe"' — автозапуск startup.exe при входе в систему любого пользователя
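- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'DisallowRun' = '00000001' — включает для текущего пользователя политику запрета запуска приложений; сам перечень блокируемых программ хранится в подразделе ...\Policies\Explorer\DisallowRun и на этой странице не приведён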
- C:\ProgramData\data\pools.txt
- C:\ProgramData\data\update.xml
- C:\ProgramData\data\first.cmd
- C:\ProgramData\data\data.exe
- C:\ProgramData\data\startup.exe
- C:\ProgramData\data\uninstall.exe
- C:\ProgramData\data\UnRar.exe
- C:\ProgramData\data\Startup.reg
- <SYSTEM32>\pools.txt
- ClassName: 'EDIT' WindowName: ''
- '<SYSTEM32>\cmd.exe' /c ""c:\ProgramData\data\first.cmd" "
- '<SYSTEM32>\xcopy.exe' /y pools.txt <SYSTEM32>\
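- '<SYSTEM32>\schtasks.exe' /create /TN "update" /XML "c:\programdata\data\update.xml" — создаёт задачу планировщика с именем «update» по описанию из update.xml; триггер и запускаемая команда задачи на странице не приведены, поэтому при проверке системы следует просмотреть саму задачу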
- '<SYSTEM32>\reg.exe' IMPORT Startup.reg