Техническая информация
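- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe %ALLUSERSPROFILE%\Application Data\userinit.exe' (значение Shell в ключе Winlogon задаёт команду оболочки, выполняемую при входе пользователя в систему; здесь вместе с Explorer.exe указан путь к файлу userinit.exe, по-видимому, для его автозапуска. Штатный userinit.exe находится в <SYSTEM32>, поэтому файл с таким именем в %ALLUSERSPROFILE%\Application Data сам по себе является признаком компрометации.)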
- '%TEMP%\drv1.tak'
- '%ALLUSERSPROFILE%\Application Data\userinit.exe'
- '%TEMP%\drv.tak'
- '<SYSTEM32>\cmd.exe' /c "%ALLUSERSPROFILE%\Documents\microtm.bat"
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %TEMP%\drv1.tak
- %ALLUSERSPROFILE%\Application Data\userinit.exe
- %ALLUSERSPROFILE%\Documents\microtm.bat
- %WINDIR%\bus676.sys
- %WINDIR%\bus675.sys
- %TEMP%\drv.tak
- %WINDIR%\tmp1.drv
- %WINDIR%\tmp.drv
- %TEMP%\drv1.tak
- %TEMP%\drv.tak