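Техническая информация
Ниже перечислены индикаторы поведения образца: первые две строки — значения автозапуска в ключе реестра Run, следующие пять — командные строки процессов (reg.exe и cmd.exe), которые записывают те же значения автозапуска и выполняют winrh.cmd, последние две — пути к файлам (создаются они или удаляются, на странице не указано). Обозначения <HKLM> и <SYSTEM32> — условные подстановки для куста реестра HKEY_LOCAL_MACHINE и системного каталога System32. Для обнаружения: штатный svchost.exe находится в каталоге System32, поэтому значение автозапуска, указывающее на %WINDIR%\System\svchost.exe, не соответствует системному файлу.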
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Security' = '<SYSTEM32>\lkrn32.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft' = '%WINDIR%\System\svchost.exe'
- '<SYSTEM32>\reg.exe' add hklm\software\microsoft\windows\currentversion\run /v Microsoft /t reg_sz /d %WINDIR%\System\svchost.exe /f
- '<SYSTEM32>\reg.exe' add hklm\software\microsoft\windows\currentversion\run /v Security /t reg_sz /d <SYSTEM32>\lkrn32.exe /f
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\winrh.cmd
- '<SYSTEM32>\cmd.exe' /c reg add hklm\software\microsoft\windows\currentversion\run /v Microsoft /t reg_sz /d %systemdrive%\WINDOWS\System\svchost.exe /f
- '<SYSTEM32>\cmd.exe' /c reg add hklm\software\microsoft\windows\currentversion\run /v Security /t reg_sz /d %systemdrive%\WINDOWS\System32\lkrn32.exe /f
- <SYSTEM32>\winrh.cmd
- %TEMP%\~DF4E06.tmp