Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%WINDIR%\AppPatch\skytel.exe,%WINDIR%\help\svchost.exe'
- '%WINDIR%\AppPatch\skytel.exe'
- '%WINDIR%\excel..exe'
- '%WINDIR%\unlocks.exe' x lock.rar -o+ -p112233
- '<SYSTEM32>\cacls.exe' %WINDIR%\AppPatch /c /t /g everyone:r
- '<SYSTEM32>\cacls.exe' %WINDIR%\AppPatch /c /t /g BUILTIN\%USERNAME%s:f
- '<SYSTEM32>\ping.exe' -n 5 127.1
- %WINDIR%\excel..exe
- %WINDIR%\AppPatch\skytel.exe
- %WINDIR%\run.bat
- %WINDIR%\unlocks.exe
- %WINDIR%\lock.rar
- ClassName: 'M0zilla/5.0' WindowName: '%WINDIR%\excel..exe'
- ClassName: 'M0zilla/5.0' WindowName: '%WINDIR%\AppPatch\skytel.exe'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'