Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'srvx' = '<Текущая директория>\ht.exe'
- '<SYSTEM32>\reg.exe' add "hkcu\Software\AloneWolf\HideTrace" /v ScreenShotQuality /d "" /f /t reg_dword
- '<SYSTEM32>\reg.exe' add "hkcu\Software\AloneWolf\HideTrace" /v ScreenShotSize /d "2" /f /t reg_dword
- '<SYSTEM32>\reg.exe' add "hkcu\Software\AloneWolf\HideTrace" /v ScreenShotTime /d "" /f /t reg_dword
- '<SYSTEM32>\reg.exe' add "hkcu\Software\AloneWolf\HideTrace" /v ScreenShotEnable /d "1" /f /t reg_dword
- '<SYSTEM32>\taskkill.exe' /im ht.exe /f
- '<SYSTEM32>\reg.exe' add "hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v srvx /d "<Текущая директория>\ht.exe" /f
- '<SYSTEM32>\reg.exe' add "hkcu\Software\AloneWolf\HideTrace" /v LogDir /d "<Текущая директория>\logs" /f
- %TEMP%\2524O807.bat
- %TEMP%\2524O807.bat
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''