Техническая информация
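- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AMD Catalyst' = 'C:\ProgramData\Catalyst\color.exe'
  (Значение в ключе Run обеспечивает автозапуск color.exe при входе пользователя в систему. Имя значения «AMD Catalyst» совпадает с названием ПО AMD, но файл лежит в C:\ProgramData\Catalyst — по-видимому, это маскировка под легитимную программу.)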
- C:\ProgramData\Catalyst\color.exe
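- <SYSTEM32>\sc.exe config MpsSvc start= disabled
- <SYSTEM32>\net1.exe stop MpsSvc
  (MpsSvc — служба брандмауэра Windows: первая команда отключает её запуск, вторая останавливает уже работающую службу. При очистке системы нужно проверить тип запуска MpsSvc и убедиться, что служба снова работает.)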
- <SYSTEM32>\ping.exe localhost -n 100
- <SYSTEM32>\cmd.exe /c ""%TEMP%\2.tmp\123.bat" "
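- <SYSTEM32>\attrib.exe +h c:\programdata
  (Команда устанавливает атрибут «скрытый» для каталога c:\programdata, в котором находится папка Catalyst с файлами образца.)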
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\1.bat" "
- <SYSTEM32>\net.exe stop MpsSvc
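- %WINDIR%\regedit.exe /s start.reg
  (Ключ /s импортирует .reg-файл в реестр без запроса подтверждения. Содержимое start.reg на странице не приведено; предположительно, именно он создаёт указанную выше запись автозапуска — это нужно проверить по самому файлу.)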
- C:\ProgramData\Catalyst\stop.bat
- C:\ProgramData\Catalyst\start.reg
- C:\ProgramData\Catalyst\color.exe
- %TEMP%\2.tmp\123.bat
- C:\ProgramData\Catalyst\upd1.exe
- C:\ProgramData\Catalyst\upd.exe
- C:\ProgramData\Catalyst\1.bat
- %TEMP%\1.tmp\start.reg
- %TEMP%\1.tmp\color.exe
- %TEMP%\1.tmp\1.bat
- %TEMP%\1.tmp\upd1.exe
- %TEMP%\1.tmp\upd.exe
- %TEMP%\1.tmp\stop.bat
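- ClassName: 'RegEdit_RegEdit' WindowName: ''
  (RegEdit_RegEdit — класс главного окна редактора реестра regedit.exe. Заголовок раздела на странице не сохранился; вероятно, образец ищет окно с этим классом.)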