Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pos.exe] 'debugger' = 'dumprep.exe'
- '<SYSTEM32>\reg.exe' Add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pos.exe" /v "debugger" /t REG_SZ /d "dumprep.exe" /f
- '<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mqtgmsvc.exe\PerfOptions" /v CpuPriorityClass /t REG_DWORD /d "1" /f
- '<SYSTEM32>\sc.exe' stop Cdfsc
- '<SYSTEM32>\reg.exe' add "HKCU\Control Panel\International" /v sShortDate /t REG_SZ /d "dd.MM.yyyy" /f
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\tcpsv\upt.bat" "
- '<SYSTEM32>\ping.exe' -n 1 127.0.0.1
- '<SYSTEM32>\reg.exe' add "HKCU\Control Panel\International" /v sDate /t REG_SZ /d "." /f
- %WINDIR%\tcpsv\goer.eta
- %WINDIR%\tcpsv\CHKER
- %WINDIR%\tcpsv\upt.bat
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''