Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WindowRestore' = 'restore.exe'
- %WINDIR%\Tasks\svcpack.job
- <SYSTEM32>\taskkill.exe /f /im svchost.exe /t
- %WINDIR%\regedit.exe /s <SYSTEM32>\service.reg
- <SYSTEM32>\svchost.exe -k LocalService
- <SYSTEM32>\svchost.exe -k rpcss
- <SYSTEM32>\attrib.exe +h +r +s +a <SYSTEM32>\restore.exe
- <SYSTEM32>\schtasks.exe /create /sc minute /mo 1 /tn "svcpack" /tr <SYSTEM32>\service.exe /ru ""
- <SYSTEM32>\net1.exe start "Utilità di pianificazione"
- <SYSTEM32>\attrib.exe +h +r +s +a <SYSTEM32>\service.exe
- <SYSTEM32>\attrib.exe +h +r +s +a svcpack.job
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\service.reg
- %TEMP%\~1.bat
- %WINDIR%\Tasks\svcpack.job
- %TEMP%\~1.bat
- %TEMP%\~1.bat
- <SYSTEM32>\service.reg
- <SYSTEM32>\svcpack.dll в <SYSTEM32>\service.exe
- ClassName: '' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''