Техническая информация
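- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '%WINDIR%\O1209.scr' (параметр задаёт исполняемый файл экранной заставки; здесь он указывает на файл O1209.scr в %WINDIR% из списка ниже, поэтому этот файл запускается при срабатывании заставки — запись в этот параметр стоит отслеживать как признак закрепления в системе)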
- %WINDIR%\run.vbs
- %WINDIR%\scrnsave.bat
- %WINDIR%\o1209.scr
- nul
- %WINDIR%\run.vbs
- ClassName: 'SystemTray_Main' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "%WINDIR%\run.vbs"
- '%WINDIR%\syswow64\wscript.exe' "%WINDIR%\run.vbs" RunAsAdministrator
- '<SYSTEM32>\wscript.exe' "%WINDIR%\run.vbs" RunAsAdministrator
- '<SYSTEM32>\cmd.exe' /c SCRNSAVE.bat (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c SCRNSAVE.bat
- '<SYSTEM32>\reg.exe' add "HKEY_CURRENT_USER\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d "%WINDIR%\O1209.scr" /f
- '<SYSTEM32>\reg.exe' add "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaveTimeOut /t REG_SZ /d "300" /f
- '<SYSTEM32>\reg.exe' add "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaverIsSecure /t REG_SZ /d "1" /f
- '<SYSTEM32>\rundll32.exe' USER32.DLL,UpdatePerUserSystemParameters
- '<SYSTEM32>\ping.exe' /n 5 127.0.0.1
- '<SYSTEM32>\ping.exe' 127.1 -n 3