Техническая информация (файловые артефакты, искомые окна и запускаемые процессы)
- %TEMP%\afterstartup.bat
- %WINDIR%\security\database\edbtmp.log
- %WINDIR%\security\database\edbres00001.jrs
- %WINDIR%\security\database\edbres00002.jrs
- %WINDIR%\security\database\edb.log
- %WINDIR%\security\database\tmp.edb
- %WINDIR%\security\database\edb.chk
- %WINDIR%\security\logs\scesrv.log
- %TEMP%\7zsfx000.cmd
- %TEMP%\7zsfx000.cmd
- %WINDIR%\security\database\edbtmp.log → %WINDIR%\security\database\edb.log (перемещение/переименование файла)
- %WINDIR%\security\database\edbtmp.log
- ClassName: 'RegEdit_RegEdit' WindowName: '' (поиск окна по классу; предположительно окно редактора реестра regedit.exe, заголовок не задан)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\7ZSfx000.cmd" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\AfterStartup.bat" "
- '%WINDIR%\syswow64\secedit.exe' /configure /db "%TEMP%\temp.sdb" /cfg "<SYSTEM32>\security.inf" /areas SECURITYPOLICY (применение шаблона безопасности security.inf к локальной политике безопасности через временную базу temp.sdb; ключ /areas SECURITYPOLICY ограничивает изменения областью политик безопасности, вывод не перенаправляется)
- '%WINDIR%\syswow64\regedit.exe' /S Tweaks.reg (тихий импорт REG-файла без подтверждения; путь к Tweaks.reg относительный, каталог в записи не указан)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\7ZSfx000.cmd" "