Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\syshost32] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\syshost32] 'ImagePath' = '"%WINDIR%\Installer\{858560BB-9703-3889-D07A-589BB06D84C3}\syshost.exe" /service'
- [<HKLM>\System\CurrentControlSet\Services\be86b] 'Start' = '00000001'
- [<HKLM>\System\CurrentControlSet\Services\be86b] 'ImagePath' = '<DRIVERS>\be86b.sys'
- 'syshost32' "%WINDIR%\Installer\{858560BB-9703-3889-D07A-589BB06D84C3}\syshost.exe" /service
- 'be86b' <DRIVERS>\be86b.sys
- %WINDIR%\installer\{858560bb-9703-3889-d07a-589bb06d84c3}\syshost.exe
- %WINDIR%\installer\{858560bb-9703-3889-d07a-589bb06d84c3}\syshost.exe
- <DRIVERS>\be86b.sys
- %WINDIR%\temp\uddec9f.tmp
- %WINDIR%\temp\uddf547.tmp
- %WINDIR%\temp\uddfe1e.tmp
- <DRIVERS>\bded5a5f184e3134.sys
- %WINDIR%\temp\uddec9f.tmp
- %WINDIR%\temp\uddf547.tmp
- <DRIVERS>\be86b.sys
- из <Полный путь к файлу> в %TEMP%\f6d46278.tmp
- '%WINDIR%\installer\{858560bb-9703-3889-d07a-589bb06d84c3}\syshost.exe' /service
- '%WINDIR%\syswow64\cmd.exe' /C del /Q /F "%TEMP%\f6d46278.tmp" (со скрытым окном)
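- '<SYSTEM32>\bcdedit.exe' -set TESTSIGNING ON (со скрытым окном) — включает тестовый режим подписи драйверов: после перезагрузки система допускает загрузку драйверов режима ядра с тестовой подписью; изменение этого параметра BCD вне среды разработки драйверов стоит отслеживать как признак компрометации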
- '%WINDIR%\syswow64\werfault.exe' -u -p 1528 -s 148 (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /C del /Q /F "%TEMP%\f6d46278.tmp"
- '<SYSTEM32>\bcdedit.exe' -set TESTSIGNING ON