Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wmssetup' = '<SYSTEM32>\rundll32.exe "%ProgramFiles%\Windows Media Player\wmssetup.dll",LaunchProcessInputFiles'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'iessetup' = '<SYSTEM32>\rundll32.exe "%ProgramFiles%\Internet Explorer\iessetup.dll",LaunchProcessInputFiles'
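- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,' (это значение совпадает со стандартным значением параметра Userinit в Windows, поэтому само по себе оно не является признаком заражения; значим только факт записи в этот параметр)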
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\desktop.ini
- '<SYSTEM32>\sc.exe' delete {D01259F5-68D1-434a-B0F7-ADE98CBB2A5C}
- '<SYSTEM32>\sc.exe' delete apache
- '<SYSTEM32>\cacls.exe' "%ALLUSERSPROFILE%\Start Menu\Programs\Startup" /t /e /c /g Administrators:f
- '<SYSTEM32>\cmd.exe' /c cacls "%ALLUSERSPROFILE%\Start Menu\Programs\Startup" /t /e /c /g Administrators:f
- '<SYSTEM32>\reg.exe' unload HKEY_USERS\a
- '<SYSTEM32>\reg.exe' load HKEY_USERS\a C:\Users\Administrator\NTUSER.DAT
- '<SYSTEM32>\cmd.exe' /c sc delete {D01259F5-68D1-434a-B0F7-ADE98CBB2A5C}
- '<SYSTEM32>\cmd.exe' /c sc delete apache
- %WINDIR%\Setup\Scripts\open.exe
- %TEMP%\aut3.tmp
- %WINDIR%\Zmauto.exe
- %TEMP%\aut1.tmp
- %WINDIR%\Setup\Scripts\SetupComplete.cmd
- %TEMP%\aut2.tmp
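- %TEMP%\aut3.tmp (повторное упоминание: по-видимому, начиная с этой строки идёт отдельный список — вероятно, удаляемых файлов, — заголовок которого на странице не сохранился)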
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- ClassName: 'Shell_TrayWnd' WindowName: ''