Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\124.lnk
- Диспетчера задач (Taskmgr)
- %TEMP%\RarSFX0\next1.bat
- %TEMP%\RarSFX0\next2.exe
- %TEMP%\RarSFX0\start.bat
- %TEMP%\RarSFX0\invisible.vbs
- %TEMP%\RarSFX0\invisible.vbs
- %TEMP%\RarSFX0\next1.bat
- %TEMP%\RarSFX0\next2.exe
- %TEMP%\RarSFX0\start.bat
- ClassName: 'EDIT' WindowName: ''
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX0\start.bat" "
- '<SYSTEM32>\wscript.exe' "invisible.vbs" "next1.bat"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX0\next1.bat" "
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Policies\Microsoft\MMC\{58221C66-EA27-11CF-ADCF-00AA00A80033}" /v Restrict_Run /t REG_DWORD /d 1 /f