Техническая информация (summary of the actions listed below: persistence through the HKLM ...\CurrentVersion\Run value 'winsystem' pointing at <SYSTEM32>\winsystem.exe; dropped files HookDrv.dll, RManServer.exe, wininsq.exe, winsystem.exe and RManFUSClient.exe marked hidden/system/read-only with attrib; Windows Firewall exceptions added via netsh for RManServer.exe and winsystem.exe; registry imports of asq.reg and rasder.reg; deletion of the RManService service key; a batch file run from %TEMP%\1.tmp; and window-class lookups for Shell_TrayWnd and RegEdit_RegEdit)
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winsystem' = '<SYSTEM32>\winsystem.exe'
- <SYSTEM32>\attrib.exe +h +s +r +a "<SYSTEM32>\HookDrv.dll"
- <SYSTEM32>\attrib.exe +h +s +r +a "<SYSTEM32>\RManServer.exe"
- %WINDIR%\regedit.exe /s "asq.reg"
- <SYSTEM32>\attrib.exe +h +s +r +a "<SYSTEM32>\wininsq.exe"
- <SYSTEM32>\reg.exe add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "winsystem" /t REG_SZ /d "<SYSTEM32>\winsystem.exe" /f
- <SYSTEM32>\attrib.exe +h +s +r +a "<SYSTEM32>\winsystem.exe"
- <SYSTEM32>\attrib.exe +h +s +r +a "<SYSTEM32>\RManFUSClient.exe"
- <SYSTEM32>\reg.exe import "asq.reg"
- <SYSTEM32>\netsh.exe firewall add allowedprogram "<SYSTEM32>\RManServer.exe" "Системa Window" ENABLE
- <SYSTEM32>\chcp.com 1251
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\wininsq.bat" "
- <SYSTEM32>\netsh.exe firewall add allowedprogram "<SYSTEM32>\winsystem.exe" "Систем Window" ENABLE
- <SYSTEM32>\reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RManService" /f
- %WINDIR%\regedit.exe /s "rasder.reg"
- <SYSTEM32>\reg.exe import "rasder.reg"
- %TEMP%\1.tmp\wininsq.bat
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''