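Техническая информация
Ниже перечислены наблюдаемые индикаторы: значения реестра, файл задания планировщика, запущенные командные строки, пути к файлам и сетевые обращения. Часть имени узла в сетевых индикаторах скрыта символами # уже в исходном тексте.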
- [<HKLM>\SYSTEM\ControlSet002\Control\Session Manager] 'BootExecute' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows32' = '%WINDIR%\system\winx.exe'
- [<HKLM>\SYSTEM\ControlSet001\Control\Session Manager] 'BootExecute' = ''
- %WINDIR%\Tasks\startt.job
- <SYSTEM32>\reg.exe add "HKLM\SYSTEM\ControlSet002\Control\Session manager" /v BootExecute /t REG_MULTI_SZ /d "autocheck autochk *" /f
- <SYSTEM32>\reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session manager" /v BootExecute /t REG_MULTI_SZ /d "autocheck autochk *" /f
- <SYSTEM32>\netsh.exe firewall add allowedprogram %WINDIR%\system\winx.exe RPCCC
- <SYSTEM32>\schtasks.exe /create /tn startt /tr c:\autoexec.bat /sc onstart /ru system
- <SYSTEM32>\sc.exe delete GbpSv
- <SYSTEM32>\reg.exe add "HKLM\SYSTEM\ControlSet001\Control\Session manager" /v BootExecute /t REG_MULTI_SZ /d "autocheck autochk *" /f
- <SYSTEM32>\gbuster.RRI
- C:\autoexec.bat
- 'ra######omo.100webspace.net':80
- ra######omo.100webspace.net/inf.php
- DNS ASK ra######omo.100webspace.net