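Техническая информация
Ниже перечислены изменения параметров службы w32time в реестре, файлы в каталоге %TEMP%\ytmp и запускаемые командные строки. Утилиты net.exe, net1.exe, w32tm.exe, cmd.exe и attrib.exe — штатные компоненты Windows и сами по себе не являются признаком заражения; характерны здесь каталог %TEMP%\ytmp, которому присваивается атрибут «скрытый», и находящиеся в нём файлы .bat и .exe.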
- [<HKLM>\System\CurrentControlSet\Services\w32time] 'ImagePath' = '<SYSTEM32>\svchost.exe -k LocalService'
- [<HKLM>\System\CurrentControlSet\Services\w32time] 'Start' = '00000002' (значение 2 — автоматический запуск службы)
- Служба 'w32time': <SYSTEM32>\svchost.exe -k LocalService
- '%WINDIR%\syswow64\net.exe' stop w32time
- %TEMP%\ytmp\tmp60096.bat
- %TEMP%\ytmp\tmp95896.exe
- '%WINDIR%\syswow64\cmd.exe' /c if not exist "%TEMP%\afolder" mkdir "%TEMP%\afolder"
- '%WINDIR%\syswow64\w32tm.exe' /resync /nowait
- '<SYSTEM32>\w32tm.exe' /config /syncfromflags:DOMHIER /update
- '%WINDIR%\syswow64\w32tm.exe' /config /syncfromflags:DOMHIER /update
- '%WINDIR%\syswow64\net1.exe' start w32time
- '%WINDIR%\syswow64\net.exe' start w32time
- '<SYSTEM32>\w32tm.exe' /register
- '%WINDIR%\syswow64\w32tm.exe' /register
- '<SYSTEM32>\w32tm.exe' /resync /nowait
- '<SYSTEM32>\w32tm.exe' /unregister
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\ytmp\tmp60096.bat "<Полный путь к файлу>"
- '%WINDIR%\syswow64\cmd.exe' /c if exist "%TEMP%\ytmp\tmp95896.exe" del "%TEMP%\ytmp\tmp95896.exe"
- '%WINDIR%\syswow64\cmd.exe' /c if exist "%TEMP%\ytmp\tmp60096.bat" del "%TEMP%\ytmp\tmp60096.bat"
- '%WINDIR%\syswow64\cmd.exe' /c cls
- '%WINDIR%\syswow64\attrib.exe' +h %TEMP%\ytmp
- '%WINDIR%\syswow64\cmd.exe' /c attrib +h %TEMP%\ytmp
- '%WINDIR%\syswow64\cmd.exe' /c if not exist "%TEMP%\ytmp" mkdir "%TEMP%\ytmp"
- '%WINDIR%\syswow64\w32tm.exe' /unregister
- '%WINDIR%\syswow64\net1.exe' stop w32time