Техническая информация
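- [<HKLM>\SYSTEM\ControlSet001\Control\Session Manager] 'BootExecute' = '' (изменение значения реестра; данные в отчёте показаны пустыми, фактически записываемые данные, по-видимому, приведены в команде reg.exe ниже)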
- '<SYSTEM32>\attrib.exe' +s +h +r "%APPDATA%\Microsoft\Windows\00135.dat"
- '<SYSTEM32>\attrib.exe' +s +h +r "%APPDATA%\Microsoft\Windows\00136.dat"
- '<SYSTEM32>\attrib.exe' +s +h +r "%APPDATA%\Microsoft\Windows\00133.dat"
- '<SYSTEM32>\attrib.exe' +s +h +r "%APPDATA%\Microsoft\Windows\00134.dat"
- '<SYSTEM32>\regsvr32.exe' /s "<SYSTEM32>\pwdedit.dll"
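- '<SYSTEM32>\reg.exe' ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v BootExecute /t REG_MULTI_SZ /d "autocheck autochk * \0bsmain2" /f
  (Примечание: в данных типа REG_MULTI_SZ последовательность `\0` разделяет строки, поэтому после штатной записи «autocheck autochk *» в значение добавляется вторая строка — «bsmain2». Записи BootExecute обрабатываются диспетчером сеансов при загрузке системы, поэтому любое отличие этого значения от штатного — признак, который следует проверять при анализе системы.)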
- '<SYSTEM32>\attrib.exe' +s +h +r "%APPDATA%\Microsoft\Windows\00137.dat"
- '<SYSTEM32>\attrib.exe' +s +h +r "%APPDATA%\Microsoft\Windows\00140.dat"
- '<SYSTEM32>\attrib.exe' -s -h -r "%APPDATA%\Microsoft\Windows\00133.dat"
- '<SYSTEM32>\attrib.exe' -s -h -r "%APPDATA%\Microsoft\Windows\00134.dat"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\temp32142.bat" "
- '<SYSTEM32>\regsvr32.exe' /u /s "<SYSTEM32>\pwdedit.dll"
- '<SYSTEM32>\attrib.exe' -s -h -r "%APPDATA%\Microsoft\Windows\00137.dat"
- '<SYSTEM32>\attrib.exe' -s -h -r "%APPDATA%\Microsoft\Windows\00140.dat"
- '<SYSTEM32>\attrib.exe' -s -h -r "%APPDATA%\Microsoft\Windows\00135.dat"
- '<SYSTEM32>\attrib.exe' -s -h -r "%APPDATA%\Microsoft\Windows\00136.dat"
- %TEMP%\temp32142.bat (путь к файлу; тот же пакетный файл, который выше запускается через cmd.exe /c)
- %APPDATA%\sysmodule.ini