Техническая информация (Technical information: observed registry, file, network and process artefacts)
- [<HKLM>\System\CurrentControlSet\Services\up32x64] 'Start' = '00000000'
- [<HKLM>\System\CurrentControlSet\Services\up32x64] 'ImagePath' = 'system32\drivers\msnone.sys'
  (service 'up32x64' registered with Start = 0, i.e. SERVICE_BOOT_START: the driver msnone.sys is loaded by the boot loader before the rest of the system, so this entry is a kernel-mode persistence point and a primary remediation target)
- [<HKLM>\SYSTEM\ControlSet001\Services\MSNone] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\MSNone] 'ImagePath' = '<DRIVERS>\msnone.sys'
  (second service name 'MSNone' pointing at the same driver image, Start = 1, i.e. SERVICE_SYSTEM_START; this one is recorded under ControlSet001 rather than CurrentControlSet, so check every ControlSet00N key, not only the current one, when hunting or cleaning)
- 'up32x64' system32\drivers\msnone.sys
- %TEMP%\ars.reg
- http://67.##7.136.158/x/driver.jpg
  (one octet of the IP is masked in this report; the '.jpg' name next to a dropped .sys suggests the driver payload is served under an image extension — confirm by content type / file magic rather than by extension)
- ClassName: 'RegEdit_RegEdit' WindowName: '' (window class of regedit.exe; consistent with the 'regedit /s' launches listed below)
- '%WINDIR%\syswow64\cmd.exe' /c "regedit /s %TEMP%\ars.reg" (with a hidden window; the /s switch imports the .reg file silently, without the usual confirmation prompt)
- '%WINDIR%\syswow64\cmd.exe' /c "regedit /s %TEMP%\ars.reg"
- '%WINDIR%\syswow64\regedit.exe' /s %TEMP%\ars.reg
  (the 32-bit regedit from SysWOW64 is used on a 64-bit system; HKLM\SYSTEM\...\Services is a shared key and is not subject to WOW64 registry redirection, so the imported service entries land in the native key — the contents of ars.reg are not shown here and are presumably the service keys listed above; verify against the sample)