Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'nod32' = '"C:\\Program Files\\Eset\\nod32kui.exe" /WAITSERVICE'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ctfmon' = '<SYSTEM32>\ctfmon.exe'
- <SYSTEM32>\reg.exe add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v nod32 /d "\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
- <SYSTEM32>\cacls.exe "%ALLUSERSPROFILE%\「开始」菜单\程序\启动" /d everyone" (the Chinese-locale all-users "Start Menu\Programs\Startup" folder; the original listing rendered the GBK path as CP866 mojibake)
- <SYSTEM32>\cacls.exe "%HOMEPATH%\「开始」菜单\程序\启动" /g everyone:r" (the Chinese-locale per-user "Start Menu\Programs\Startup" folder; the original listing rendered the GBK path as CP866 mojibake)
- <SYSTEM32>\reg.exe delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /va /f
- <SYSTEM32>\reg.exe delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /va /f
- <SYSTEM32>\reg.exe add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v ctfmon /d <SYSTEM32>\ctfmon.exe
- %TEMP%\bt8226.bat
- %TEMP%\bt8226.bat
- %TEMP%\bt8226.bat
- ClassName: 'Indicator' WindowName: ''