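Техническая информация
Примечание: подзаголовки разделов в этом фрагменте не сохранились. Ниже подряд перечислены изменение реестра, пути к файлам, запускаемые команды и классы окон; какое действие выполнялось с каждым файлом (создание, замена, удаление), по самому списку определить нельзя.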
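- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe] 'Debugger' = '<SYSTEM32>\dllcache\bysethc.exe'
  Пояснение: значение 'Debugger' в ветке Image File Execution Options заставляет Windows при запуске sethc.exe (обработчик «залипания клавиш», доступный и на экране входа в систему) запускать вместо него указанную программу. Для обнаружения стоит отслеживать появление значения 'Debugger' у программ специальных возможностей и проверять подлинность самих файлов sethc.exe.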
- <SYSTEM32>\dllcache\sethc.exe
- <SYSTEM32>\sethc.exe
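Запускаемые команды (attrib с ключами +s +a +h +r устанавливает атрибуты «системный», «архивный», «скрытый» и «только чтение», с ключами -s -a -h -r снимает их; regedit -s импортирует файл реестра без запроса подтверждения):
- '<SYSTEM32>\attrib.exe' +s +a +h +r <SYSTEM32>\sethc.exe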
- '<SYSTEM32>\attrib.exe' +s +a +h +r <SYSTEM32>\set.exe
- '<SYSTEM32>\attrib.exe' +s +a +h +r <SYSTEM32>\dllcache\sethc.exe
- '%WINDIR%\regedit.exe' -s On.reg
- '<SYSTEM32>\attrib.exe' +s +a +h +r <SYSTEM32>\dllcache\bysethc.exe
- '<SYSTEM32>\attrib.exe' -s -a -h -r <SYSTEM32>\set.exe
- '<SYSTEM32>\cmd.exe' /c ""c:\install.bat" "
- '<SYSTEM32>\attrib.exe' -s -a -h -r <SYSTEM32>\sethc.exe
- '<SYSTEM32>\attrib.exe' -s -a -h -r <SYSTEM32>\dllcache\bysethc.exe
- '<SYSTEM32>\attrib.exe' -s -a -h -r <SYSTEM32>\dllcache\sethc.exe
- <SYSTEM32>\dllcache\bysethc.exe
- <SYSTEM32>\set.exe
- C:\On.reg
- C:\1.exe
- C:\install.bat
- <SYSTEM32>\dllcache\bysethc.exe
- <SYSTEM32>\set.exe
- C:\On.reg
- C:\1.exe
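Классы окон (вероятно, образец ищет окна с этими классами; RegEdit_RegEdit — окно редактора реестра, Shell_TrayWnd — панель задач):
- ClassName: 'RegEdit_RegEdit' WindowName: ''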
- ClassName: 'Shell_TrayWnd' WindowName: ''