Техническая информация
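- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'exe.exe' = '<SYSTEM32>\exe.exe.bat' (значение автозапуска: указанный пакетный файл выполняется при каждом входе пользователя в систему)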
- <SYSTEM32>\reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "exe.exe" /t REG_SZ /d "<SYSTEM32>\exe.exe.bat" /f
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\exe.bat""
- <DRIVERS>\etc\drivers18
- <DRIVERS>\etc\drivers19
- <DRIVERS>\etc\drivers20
- <DRIVERS>\etc\drivers17
- <DRIVERS>\etc\drivers14
- <DRIVERS>\etc\drivers15
- <DRIVERS>\etc\drivers16
- <Текущая директория>\offBLOK.txt
- <Текущая директория>\off.txt
- <Текущая директория>\SaitZAhodi.txt
- <DRIVERS>\etc\h■sts
- <DRIVERS>\etc\drivers21
- <DRIVERS>\etc\drivers22
- <DRIVERS>\etc\drivers23
- <DRIVERS>\etc\drivers13
- <DRIVERS>\etc\drivers3
- <DRIVERS>\etc\drivers4
- <DRIVERS>\etc\drivers5
- <DRIVERS>\etc\drivers2
- %TEMP%\1.tmp\exe.bat
- <SYSTEM32>\exe.exe.bat
- <DRIVERS>\etc\drivers1
- <DRIVERS>\etc\drivers10
- <DRIVERS>\etc\drivers11
- <DRIVERS>\etc\drivers12
- <DRIVERS>\etc\drivers9
- <DRIVERS>\etc\drivers6
- <DRIVERS>\etc\drivers7
- <DRIVERS>\etc\drivers8
- %TEMP%\1.tmp\exe.bat
- <DRIVERS>\etc\hosts