Техническая информация
- %TEMP%\7zipsfx.000\autoexec.bat
- %TEMP%\7zipsfx.000\autoexec.vbs
- %TEMP%\7zsfx000.cmd
- %TEMP%\7zipsfx.000\autoexec.bat
- %TEMP%\7zipsfx.000\autoexec.vbs
- %TEMP%\7zsfx000.cmd
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\7ZipSfx.000\autoexec.vbs"
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\7ZipSfx.000\autoexec.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\7ZSfx000.cmd" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\7ZipSfx.000\autoexec.bat" "
- '%WINDIR%\syswow64\mmc.exe' "<SYSTEM32>\devmgmt.msc"
- '<SYSTEM32>\mmc.exe' "<SYSTEM32>\devmgmt.msc"
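- '%WINDIR%\syswow64\regedit.exe' /s %WINDIR%\runonce\║≤╞┌╨▐▓╣.reg (имя файла искажено при перекодировке; по-видимому, это GBK-байты, показанные в кодировке CP437, — «后期修补.reg»; при поиске по индикаторам стоит учитывать оба варианта написания)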
- '%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /t reg_sz /d http://12#.#ogou.com/?11### /f
- '%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Default_Page_URL" /t reg_sz /d http://12#.#ogou.com/?11### /f
- '%WINDIR%\syswow64\sc.exe' config "Ati HotKey Poller" start= DISABLED
- '%WINDIR%\syswow64\net.exe' user /delete HelpAssistant
- '%WINDIR%\syswow64\net1.exe' user /delete HelpAssistant
- '%WINDIR%\syswow64\net.exe' user /delete SUPPORT_388945a0
- '%WINDIR%\syswow64\net1.exe' user /delete SUPPORT_388945a0
- '%WINDIR%\syswow64\sc.exe' config srservice start= DISABLED
- '%WINDIR%\syswow64\sc.exe' stop srservice
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\7ZSfx000.cmd" "