Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winapp' = '<SYSTEM32>\winapp.exe'
- Registry Editor (RegEdit)
- <SYSTEM32>\net.exe stop SharedAccess
- <SYSTEM32>\net1.exe stop Security Center
- %WINDIR%\regedit.exe /S %HOMEPATH%\Local Settings\Temp.\kill.reg
- <SYSTEM32>\net1.exe stop SharedAccess
- <SYSTEM32>\cmd.exe /c ""<SYSTEM32>\update.bat" "
- <SYSTEM32>\cmd.exe /c ""<SYSTEM32>\dsreg.bat" "
- <SYSTEM32>\net.exe stop Security Center
- <SYSTEM32>\reg.exe add HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v disableregistrytools /t REG_DWORD /d 1 /f
- <DRIVERS>\initconf.sys
- <SYSTEM32>\syment.bat
- %TEMP%\kill.reg
- <SYSTEM32>\winapp.exe
- <SYSTEM32>\update.bat
- <SYSTEM32>\dsreg.bat
- %TEMP%\kill.reg
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'ConsoleWindowClass' WindowName: ''