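Техническая информация
В этом фрагменте список идёт без подзаголовков: в нём подряд перечислены командные строки, пути к файлам и параметры окна. <SYSTEM32> и <DRIVERS> — условные обозначения каталогов, а не буквальные пути; запись «%USERNAME%s», по-видимому, появилась из-за подстановки %USERNAME% вместо имени учётной записи, поэтому при поиске по журналам её не следует искать как буквальную строку.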
- %WINDIR%\SetACL.exe -on HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NPF -ot reg -actn ace -ace "n:everyone;m:deny;p:full;i:so"
- %WINDIR%\syndemo.exe
- <SYSTEM32>\cacls.exe <DRIVERS>\etc\hosts /e /t /r %USERNAME%
- <SYSTEM32>\cacls.exe <DRIVERS>\etc\hosts /e /t /p everyone:r
- <SYSTEM32>\attrib.exe <DRIVERS>\etc\hosts +r +h +s
- <SYSTEM32>\cacls.exe <DRIVERS>\etc\hosts /e /t /r %USERNAME%s
- <SYSTEM32>\cacls.exe <DRIVERS>\etc\hosts /e /t /r users
- <SYSTEM32>\cacls.exe <DRIVERS>\etc\hosts /e /t /r system
- <SYSTEM32>\cacls.exe <DRIVERS>\etc\hosts /e /t /r power users
- <SYSTEM32>\attrib.exe +s +r +h <DRIVERS>\npf.sys
- %WINDIR%\regedit.exe /s <SYSTEM32>\1.reg
- <SYSTEM32>\ping.exe -n 5 127.0.0.1
- <SYSTEM32>\cacls.exe <DRIVERS>\npf.sys /d everyone
- <SYSTEM32>\attrib.exe <DRIVERS>\etc\hosts -r -h -s
- <SYSTEM32>\cacls.exe <DRIVERS>\etc\hosts /e /t /g %USERNAME%s:f
- <SYSTEM32>\cacls.exe <DRIVERS>\etc\hosts /e /t /g everyone:f
- %TEMP%\bt02472.bat
- <SYSTEM32>\1.reg
- %TEMP%\aut3.tmp
- %WINDIR%\syndemo.exe
- %TEMP%\aut1.tmp
- %WINDIR%\SetACL.exe
- %TEMP%\aut2.tmp
- %TEMP%\bt02472.bat
- %WINDIR%\syndemo.exe
- %WINDIR%\SetACL.exe
- %TEMP%\aut3.tmp
- <DRIVERS>\etc\hosts
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- %TEMP%\bt02472.bat
- <SYSTEM32>\1.reg
- ClassName: 'RegEdit_RegEdit' WindowName: ''