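Техническая информация
Ниже приведены индикаторы трёх видов: значения реестра (параметр Debugger в ветке Image File Execution Options и ImagePath службы ProtectService), пути к файлам и командные строки reg.exe, которыми задаются те же параметры Debugger. Параметр Debugger, указывающий на cmd.exe, приводит к тому, что при запуске logonUI.exe, wininit.exe, winlogon.exe и sethc.exe вместо них стартует командный интерпретатор. Поэтому запись такого параметра для этих системных процессов следует отслеживать как признак компрометации.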
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logonUI.exe] 'Debugger' = '<SYSTEM32>\cmd.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininit.exe] 'Debugger' = '<SYSTEM32>\cmd.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogon.exe] 'Debugger' = '<SYSTEM32>\cmd.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe] 'Debugger' = '<SYSTEM32>\cmd.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\ProtectService] 'ImagePath' = '<Текущая директория>\Service.sys'
- <Текущая директория>\Service.sys
- <Текущая директория>\MBR.bin
- '<SYSTEM32>\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logonUI.exe" /v Debugger /t REG_SZ /d "<SYSTEM32>\cmd.exe"
- '<SYSTEM32>\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininit.exe" /v Debugger /t REG_SZ /d "<SYSTEM32>\cmd.exe"
- '<SYSTEM32>\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogon.exe" /v Debugger /t REG_SZ /d "<SYSTEM32>\cmd.exe"
- '<SYSTEM32>\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v Debugger /t REG_SZ /d "<SYSTEM32>\cmd.exe"