Техническая информация
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] '1201' = '00000000'
- %APPDATA%\app.dat
- C:\users\public\documents\subikaa0ad\text.bat
- C:\users\public\documents\subikaa0ad\bbbbbbbbbbbb.chm
- C:\users\public\documents\subikaa0ad\text.bat
- ClassName: 'HH Parent' WindowName: ''
- ClassName: '' WindowName: 'hh.exe - .NET Framework 初始化错误'
- ClassName: 'CabinetWClass' WindowName: 'Õą̂µçÄÔ'
- ClassName: 'CabinetWClass' WindowName: '计算机'
- ClassName: 'CabinetWClass' WindowName: '此电脑'
- '%WINDIR%\syswow64\cmd.exe' /c C:\Users\Public\Documents\SUBIKAA0AD\text.bat
- '%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v "1201" /d "0" /t REG_DWORD /f
- '%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing" /v "State" /d "146944" /t REG_DWORD /f
- '%WINDIR%\syswow64\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v "CertificateRevocation" /d "0" /t REG_DWORD /f