Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\winlogo] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\ \winlogo.exe' = '<SYSTEM32>\ \winlogo.exe:*:Enabled:n' (запись в списке приложений, разрешённых в брандмауэре Windows)
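- '<SYSTEM32>\attrib.exe' +S +H +R <SYSTEM32>\ /S /D (устанавливает атрибуты «системный», «скрытый» и «только чтение»; при проверке системы такие объекты видны только при включённом показе скрытых и системных файлов)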
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram <SYSTEM32>\ \winlogo.exe n enable
- '<SYSTEM32>\xcopy.exe' /h /y "<Полный путь к вирусу>" "<SYSTEM32>\ \winlogo.exe"
- '<SYSTEM32>\cmd.exe' /c ""<SYSTEM32>\pendrive.bat" "
- '<SYSTEM32>\attrib.exe' +S +H +R <SYSTEM32>\ \Desktop.ini /S /D
- <SYSTEM32>\ \desktop.ini
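- <SYSTEM32>\ \winlogo.exe (имя подкаталога между обратными косыми чертами, по-видимому, состоит из пробела или неотображаемого символа)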
- <SYSTEM32>\pendrive.bat
- <SYSTEM32>\ \desktop.ini