Trojan.MulDrop28.554

Technical Information

To ensure autorun and distribution

Modifies the following registry keys

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'EthernetKill' = '%TEMP%\EthernetKiller.cmd'

Creates or modifies the following files

%APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.exe

Sets the following service settings

[HKLM\System\CurrentControlSet\Services\IKEEXT] 'Start' = '00000002'

Malicious functions

To bypass firewall, removes or modifies the following registry keys

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000'
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'

To complicate detection of its presence in the operating system,

blocks execution of the following system utilities:

Windows Task Manager (Taskmgr)

modifies the following system settings:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000001'
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoLogoff' = '00000001'

Executes the following

'<SYSTEM32>\netsh.exe' advfirewall set allprofiles state off

Launches a large number of processes

Modifies file system

Creates the following files

%TEMP%\7196.tmp\7197.tmp\7198.bat
<Current directory>\errorcritico.vbs
<Current directory>\advertencia.vbs
<Current directory>\informacion.vbs
<Current directory>\autorun.inf
<Current directory>\taskse.exe
<Current directory>\taskdl.bat
%TEMP%\bytebeat.shingapi.tmp
nul
<Current directory>\tasksvc.exe
%TEMP%\ethernetkiller.cmd
%TEMP%\2396.tmp\23a7.tmp\23a8.bat
%TEMP%\2700.tmp\2701.tmp\2711.bat
%TEMP%\2f3a.tmp\2f4a.tmp\2f4b.bat
%TEMP%\2f97.tmp\2f98.tmp\2f99.bat
%TEMP%\3301.tmp\3302.tmp\3303.bat

Deletes the following files

<SYSTEM32>\winresume.exe
<DRIVERS>\vmstorfl.sys
<DRIVERS>\vms3cap.sys
<DRIVERS>\vmbushid.sys
<DRIVERS>\vmbus.sys
<DRIVERS>\videoprt.sys
<DRIVERS>\viaide.sys
<DRIVERS>\vhdmp.sys
<DRIVERS>\vgapnp.sys
<DRIVERS>\vga.sys
<DRIVERS>\usbcamd2.sys
<DRIVERS>\vdrvroot.sys
<DRIVERS>\usbstor.sys
<DRIVERS>\usbrpm.sys
<DRIVERS>\usbprint.sys
<DRIVERS>\usbport.sys
<DRIVERS>\usbohci.sys
<DRIVERS>\usbhub.sys
<DRIVERS>\usbehci.sys
<DRIVERS>\usbd.sys
<DRIVERS>\usbcir.sys
<DRIVERS>\usbuhci.sys
<DRIVERS>\usbccgp.sys
<DRIVERS>\volmgr.sys
<DRIVERS>\wdfldr.sys
<DRIVERS>\en-us\acpi.sys.mui
<DRIVERS>\en-us\1394ohci.sys.mui
<DRIVERS>\wudfrd.sys
<DRIVERS>\wudfpf.sys
<DRIVERS>\ws2ifsl.sys
<DRIVERS>\wmilib.sys
<DRIVERS>\wmiacpi.sys
<DRIVERS>\winhv.sys
<DRIVERS>\wimmount.sys
<DRIVERS>\volsnap.sys
<DRIVERS>\volmgrx.sys
<DRIVERS>\wdf01000.sys
<DRIVERS>\wd.sys
<DRIVERS>\watchdog.sys
<DRIVERS>\wanarp.sys
<DRIVERS>\wacompen.sys
<DRIVERS>\vwifimp.sys
<DRIVERS>\vwififlt.sys
<DRIVERS>\vwifibus.sys
<DRIVERS>\vsmraid.sys
<DRIVERS>\wfplwf.sys
<DRIVERS>\usb8023.sys
<DRIVERS>\umbus.sys
<DRIVERS>\en-us\agp440.sys.mui
<DRIVERS>\sffp_mmc.sys
<DRIVERS>\spsys.sys
<DRIVERS>\spldr.sys
<DRIVERS>\smclib.sys
<DRIVERS>\smb.sys
<DRIVERS>\sisraid4.sys
<DRIVERS>\sisraid2.sys
<DRIVERS>\sfloppy.sys
<DRIVERS>\sffp_sd.sys
<DRIVERS>\stexstor.sys
<DRIVERS>\srv2.sys
<DRIVERS>\srvnet.sys
<DRIVERS>\serial.sys
<DRIVERS>\serenum.sys
<DRIVERS>\secdrv.sys
<DRIVERS>\scsiport.sys
<DRIVERS>\scfilter.sys
<DRIVERS>\sbp2port.sys
<DRIVERS>\rspndr.sys
<DRIVERS>\rootmdm.sys
<DRIVERS>\sermouse.sys
<DRIVERS>\storport.sys
<DRIVERS>\uliagpkx.sys
<DRIVERS>\en-us\afd.sys.mui
<DRIVERS>\srv.sys
<DRIVERS>\udfs.sys
<DRIVERS>\uagp35.sys
<DRIVERS>\tunnel.sys
<DRIVERS>\tsusbhub.sys
<DRIVERS>\tsusbgd.sys
<DRIVERS>\tsusbflt.sys
<DRIVERS>\tssecsrv.sys
<DRIVERS>\terminpt.sys
<DRIVERS>\termdd.sys
<DRIVERS>\tdx.sys
<DRIVERS>\tdtcp.sys
<DRIVERS>\tdpipe.sys
<DRIVERS>\tdi.sys
<DRIVERS>\tcpipreg.sys
<DRIVERS>\tcpip.sys
<DRIVERS>\tape.sys
<DRIVERS>\synth3dvsc.sys
<DRIVERS>\swenum.sys
<DRIVERS>\stream.sys
<DRIVERS>\storvsc.sys
<DRIVERS>\umpass.sys
<DRIVERS>\mstee.sys
<DRIVERS>\en-us\amdide.sys.mui
<DRIVERS>\en-us\tpm.sys.mui
<DRIVERS>\en-us\tcpip.sys.mui
<DRIVERS>\en-us\srv.sys.mui
<DRIVERS>\en-us\serscan.sys.mui
<DRIVERS>\en-us\sermouse.sys.mui
<DRIVERS>\en-us\serial.sys.mui
<DRIVERS>\en-us\scsiport.sys.mui
<DRIVERS>\en-us\scfilter.sys.mui
<DRIVERS>\en-us\rndismpx.sys.mui
<DRIVERS>\en-us\tsusbflt.sys.mui
<DRIVERS>\en-us\rndismp6.sys.mui
<DRIVERS>\en-us\rdvgkmd.sys.mui
<DRIVERS>\en-us\rdpwd.sys.mui
<DRIVERS>\en-us\rdbss.sys.mui
<DRIVERS>\en-us\qwavedrv.sys.mui
<DRIVERS>\en-us\pscr.sys.mui
<DRIVERS>\en-us\processr.sys.mui
<DRIVERS>\en-us\portcls.sys.mui
<DRIVERS>\en-us\pnpmem.sys.mui
<DRIVERS>\en-us\pcmcia.sys.mui
<DRIVERS>\en-us\rndismp.sys.mui
<DRIVERS>\en-us\tsusbhub.sys.mui
<DRIVERS>\en-us\tunnel.sys.mui
<DRIVERS>\en-us\uagp35.sys.mui
<DRIVERS>\umdf\wpdfs.dll
<DRIVERS>\umdf\usbdr.dll
<DRIVERS>\etc\services
<DRIVERS>\etc\protocol
<DRIVERS>\etc\networks
<DRIVERS>\etc\lmhosts.sam
<DRIVERS>\etc\hosts
<DRIVERS>\en-us\ws2ifsl.sys.mui
<DRIVERS>\en-us\wdf01000.sys.mui
<DRIVERS>\en-us\wd.sys.mui
<DRIVERS>\en-us\wacompen.sys.mui
<DRIVERS>\en-us\vwifibus.sys.mui
<DRIVERS>\en-us\volsnap.sys.mui
<DRIVERS>\en-us\volmgrx.sys.mui
<DRIVERS>\en-us\vhdmp.sys.mui
<DRIVERS>\en-us\vdrvroot.sys.mui
<DRIVERS>\en-us\usbrpm.sys.mui
<DRIVERS>\en-us\usbport.sys.mui
<DRIVERS>\en-us\usbhub.sys.mui
<DRIVERS>\en-us\umbus.sys.mui
<DRIVERS>\en-us\uliagpkx.sys.mui
<DRIVERS>\en-us\pci.sys.mui
<DRIVERS>\rndismp.sys
<DRIVERS>\sffdisk.sys
<DRIVERS>\en-us\pacer.sys.mui
<DRIVERS>\en-us\hdaudio.sys.mui
<DRIVERS>\en-us\hdaudbus.sys.mui
<DRIVERS>\en-us\gagp30kx.sys.mui
<DRIVERS>\en-us\fvevol.sys.mui
<DRIVERS>\en-us\fltmgr.sys.mui
<DRIVERS>\en-us\dot4usb.sys.mui
<DRIVERS>\en-us\disk.sys.mui
<DRIVERS>\en-us\cdrom.sys.mui
<DRIVERS>\en-us\bthusb.sys.mui
<DRIVERS>\en-us\hidbth.sys.mui
<DRIVERS>\en-us\bthport.sys.mui
<DRIVERS>\en-us\bthenum.sys.mui
<DRIVERS>\en-us\brserid.sys.mui
<DRIVERS>\en-us\brserib.sys.mui
<DRIVERS>\en-us\brparwdm.sys.mui
<DRIVERS>\en-us\bfe.dll.mui
<DRIVERS>\en-us\battc.sys.mui
<DRIVERS>\en-us\atikmdag.sys.mui
<DRIVERS>\en-us\ataport.sys.mui
<DRIVERS>\en-us\amdppm.sys.mui
<DRIVERS>\en-us\bthpan.sys.mui
<DRIVERS>\en-us\http.sys.mui
<DRIVERS>\en-us\i8042prt.sys.mui
<DRIVERS>\en-us\intelppm.sys.mui
<DRIVERS>\en-us\ohci1394.sys.mui
<DRIVERS>\en-us\nwifi.sys.mui
<DRIVERS>\en-us\nv_agp.sys.mui
<DRIVERS>\en-us\ntfs.sys.mui
<DRIVERS>\en-us\ndisuio.sys.mui
<DRIVERS>\en-us\ndiscap.sys.mui
<DRIVERS>\en-us\ndis.sys.mui
<DRIVERS>\en-us\mtconfig.sys.mui
<DRIVERS>\en-us\mssmbios.sys.mui
<DRIVERS>\en-us\msdsm.sys.mui
<DRIVERS>\en-us\mpio.sys.mui
<DRIVERS>\en-us\mountmgr.sys.mui
<DRIVERS>\en-us\mouhid.sys.mui
<DRIVERS>\en-us\mouclass.sys.mui
<DRIVERS>\en-us\modem.sys.mui
<DRIVERS>\en-us\luafv.sys.mui
<DRIVERS>\en-us\kbdhid.sys.mui
<DRIVERS>\en-us\kbdclass.sys.mui
<DRIVERS>\en-us\isapnp.sys.mui
<DRIVERS>\en-us\ipnat.sys.mui
<DRIVERS>\en-us\ipmidrv.sys.mui
<DRIVERS>\en-us\parport.sys.mui
<DRIVERS>\en-us\amdk8.sys.mui
<DRIVERS>\rmcast.sys
<DRIVERS>\rdyboost.sys
<DRIVERS>\rdpwd.sys
<DRIVERS>\dumpfve.sys
<DRIVERS>\evbda.sys
<DRIVERS>\errdev.sys
<DRIVERS>\elxstor.sys
<DRIVERS>\e1g6032e.sys
<DRIVERS>\dxgmms1.sys
<DRIVERS>\dxgkrnl.sys
<DRIVERS>\dxg.sys
<DRIVERS>\dxapi.sys
<DRIVERS>\fileinfo.sys
<DRIVERS>\fastfat.sys
<DRIVERS>\fdc.sys
<DRIVERS>\drmk.sys
<DRIVERS>\dmvsc.sys
<DRIVERS>\diskdump.sys
<DRIVERS>\disk.sys
<DRIVERS>\discache.sys
<DRIVERS>\dfsc.sys
<DRIVERS>\csc.sys
<DRIVERS>\crcdisk.sys
<DRIVERS>\drmkaud.sys
<DRIVERS>\filetrace.sys
<DRIVERS>\hwpolicy.sys
<DRIVERS>\crashdmp.sys
<DRIVERS>\compbatt.sys
<DRIVERS>\http.sys
<DRIVERS>\hpsamd.sys
<DRIVERS>\hidusb.sys
<DRIVERS>\hidparse.sys
<DRIVERS>\hidir.sys
<DRIVERS>\hidclass.sys
<DRIVERS>\hidbth.sys
<DRIVERS>\hidbatt.sys
<DRIVERS>\hdaudio.sys
<DRIVERS>\hdaudbus.sys
<DRIVERS>\hcw85cir.sys
<DRIVERS>\gmreadme.txt
<DRIVERS>\gm.dls
<DRIVERS>\gagp30kx.sys
<DRIVERS>\fwpkclnt.sys
<DRIVERS>\fvevol.sys
<DRIVERS>\fs_rec.sys
<DRIVERS>\fsdepends.sys
<DRIVERS>\fltmgr.sys
<DRIVERS>\flpydisk.sys
<DRIVERS>\dumpata.sys
<DRIVERS>\umdf\en-us\wpdmtpdr.dll.mui
<DRIVERS>\i8042prt.sys
<DRIVERS>\cng.sys
<DRIVERS>\amdxata.sys
<DRIVERS>\amdsbs.sys
<DRIVERS>\amdsata.sys
<DRIVERS>\amdppm.sys
<DRIVERS>\amdk8.sys
<DRIVERS>\amdide.sys
<DRIVERS>\aliide.sys
<DRIVERS>\agp440.sys
<DRIVERS>\arc.sys
<DRIVERS>\agilevpn.sys
<DRIVERS>\adpu320.sys
<DRIVERS>\adpahci.sys
<DRIVERS>\adp94xx.sys
<DRIVERS>\acpipmi.sys
<DRIVERS>\acpi.sys
<DRIVERS>\1394ohci.sys
<DRIVERS>\1394bus.sys
<SYSTEM32>\hal.dll
<SYSTEM32>\winload.exe
<DRIVERS>\afd.sys
<DRIVERS>\arcsas.sys
<DRIVERS>\appid.sys
<DRIVERS>\asyncmac.sys
<DRIVERS>\cmdide.sys
<DRIVERS>\brserwdm.sys
<DRIVERS>\cmbatt.sys
<DRIVERS>\classpnp.sys
<DRIVERS>\circlass.sys
<DRIVERS>\cdrom.sys
<DRIVERS>\cdfs.sys
<DRIVERS>\bxvbda.sys
<DRIVERS>\bthmodem.sys
<DRIVERS>\brusbser.sys
<DRIVERS>\brusbmdm.sys
<DRIVERS>\brserid.sys
<DRIVERS>\atapi.sys
<DRIVERS>\bridge.sys
<DRIVERS>\brfiltup.sys
<DRIVERS>\brfiltlo.sys
<DRIVERS>\bowser.sys
<DRIVERS>\blbdrive.sys
<DRIVERS>\beep.sys
<DRIVERS>\battc.sys
<DRIVERS>\b57nd60a.sys
<DRIVERS>\ataport.sys
<DRIVERS>\compositebus.sys
<DRIVERS>\en-us\partmgr.sys.mui
<DRIVERS>\iastorv.sys
<DRIVERS>\intelppm.sys
<DRIVERS>\parport.sys
<DRIVERS>\pacer.sys
<DRIVERS>\ohci1394.sys
<DRIVERS>\nwifi.sys
<DRIVERS>\nv_agp.sys
<DRIVERS>\nvstor.sys
<DRIVERS>\nvraid.sys
<DRIVERS>\null.sys
<DRIVERS>\ntfs.sys
<DRIVERS>\partmgr.sys
<DRIVERS>\nsiproxy.sys
<DRIVERS>\nfrd960.sys
<DRIVERS>\netio.sys
<DRIVERS>\netbt.sys
<DRIVERS>\netbios.sys
<DRIVERS>\ndproxy.sys
<DRIVERS>\ndiswan.sys
<DRIVERS>\ndisuio.sys
<DRIVERS>\ndistapi.sys
<DRIVERS>\ndiscap.sys
<DRIVERS>\npfs.sys
<DRIVERS>\pci.sys
<DRIVERS>\pciide.sys
<DRIVERS>\pciidex.sys
<DRIVERS>\iirsp.sys
<DRIVERS>\rdpvideominiport.sys
<DRIVERS>\rdprefmp.sys
<DRIVERS>\rdpencdd.sys
<DRIVERS>\rdpdr.sys
<DRIVERS>\rdpcdd.sys
<DRIVERS>\rdpbus.sys
<DRIVERS>\rdbss.sys
<DRIVERS>\rassstp.sys
<DRIVERS>\raspptp.sys
<DRIVERS>\raspppoe.sys
<DRIVERS>\rasl2tp.sys
<DRIVERS>\rasacd.sys
<DRIVERS>\qwavedrv.sys
<DRIVERS>\ql40xx.sys
<DRIVERS>\ql2300.sys
<DRIVERS>\processr.sys
<DRIVERS>\portcls.sys
<DRIVERS>\peauth.sys
<DRIVERS>\pcw.sys
<DRIVERS>\pcmcia.sys
<DRIVERS>\ndis.sys
<DRIVERS>\intelide.sys
<DRIVERS>\mup.sys
<DRIVERS>\exfat.sys
<DRIVERS>\megasas.sys
<DRIVERS>\mcd.sys
<DRIVERS>\luafv.sys
<DRIVERS>\lsi_scsi.sys
<DRIVERS>\lsi_sas2.sys
<DRIVERS>\lsi_sas.sys
<DRIVERS>\lsi_fc.sys
<DRIVERS>\lltdio.sys
<DRIVERS>\ksthunk.sys
<DRIVERS>\megasr.sys
<DRIVERS>\ksecpkg.sys
<DRIVERS>\ks.sys
<DRIVERS>\kbdhid.sys
<DRIVERS>\kbdclass.sys
<DRIVERS>\isapnp.sys
<DRIVERS>\irenum.sys
<DRIVERS>\irda.sys
<DRIVERS>\ipnat.sys
<DRIVERS>\ipmidrv.sys
<DRIVERS>\ipfltdrv.sys
<DRIVERS>\ksecdd.sys
<DRIVERS>\modem.sys
<DRIVERS>\monitor.sys
<DRIVERS>\mouclass.sys
<DRIVERS>\mssmbios.sys
<DRIVERS>\msrpc.sys
<DRIVERS>\mspqm.sys
<DRIVERS>\mspclock.sys
<DRIVERS>\mskssrv.sys
<DRIVERS>\msiscsi.sys
<DRIVERS>\msisadrv.sys
<DRIVERS>\mshidkmdf.sys
<DRIVERS>\msft_user_wpdfs_01_09_00.wdf
<DRIVERS>\msftwdf_kernel_01009_inbox_critical.wdf
<DRIVERS>\msfs.sys
<DRIVERS>\msdsm.sys
<DRIVERS>\msahci.sys
<DRIVERS>\mrxsmb20.sys
<DRIVERS>\mrxsmb10.sys
<DRIVERS>\mrxsmb.sys
<DRIVERS>\mrxdav.sys
<DRIVERS>\mpsdrv.sys
<DRIVERS>\mpio.sys
<DRIVERS>\mountmgr.sys
<DRIVERS>\mouhid.sys
<DRIVERS>\mtconfig.sys
<DRIVERS>\umdf\en-us\wudfusbcciddriver.dll.mui

Network activity

UDP

'localhost':63087
'localhost':54071
'localhost':51904
'localhost':56975
'localhost':49975

Miscellaneous

Searches for the following windows

ClassName: 'Progman' WindowName: ''

Creates and executes the following

'<Current directory>\tasksvc.exe'

Restarts the analyzed sample

Executes the following

'<SYSTEM32>\cmd.exe' /c "%TEMP%\7196.tmp\7197.tmp\7198.bat <Full path to file>"
'<SYSTEM32>\cmd.exe' /c "%TEMP%\2F97.tmp\2F98.tmp\2F99.bat <Full path to file>"
'<SYSTEM32>\cmd.exe' /c "%TEMP%\3301.tmp\3302.tmp\3303.bat <Full path to file>"
'%WINDIR%\syswow64\cmd.exe' /c "%TEMP%\2F3A.tmp\2F4A.tmp\2F4B.bat <Full path to file>"
'%WINDIR%\syswow64\cmd.exe' /K Taskdl.bat
'%WINDIR%\syswow64\takeown.exe' /f "<SYSTEM32>\winresume.exe"
'%WINDIR%\syswow64\icacls.exe' "<SYSTEM32>\winresume.exe" /reset /c /q
'%WINDIR%\syswow64\attrib.exe' -r -a -s -h "<SYSTEM32>\winresume.exe"
'<SYSTEM32>\bcdedit.exe' /delete {current}
'%WINDIR%\syswow64\takeown.exe' /f "<SYSTEM32>\winload.exe"
'%WINDIR%\syswow64\icacls.exe' "<SYSTEM32>\winload.exe" /reset /c /q
'%WINDIR%\syswow64\attrib.exe' -r -a -s -h "<SYSTEM32>\winload.exe"
'<SYSTEM32>\takeown.exe' /f "<DRIVERS>" /r
'%WINDIR%\syswow64\takeown.exe' /f "<SYSTEM32>\hal.dll"
'%WINDIR%\syswow64\icacls.exe' "<SYSTEM32>\hal.dll" /reset /c /q
'%WINDIR%\syswow64\attrib.exe' -r -a -s -h "<SYSTEM32>\hal.dll"
'<SYSTEM32>\icacls.exe' "<DRIVERS>" /reset /t /c /q
'%WINDIR%\syswow64\wscript.exe' Informacion.vbs
'%WINDIR%\syswow64\rundll32.exe' user32.dll, SetCursorPos
'<SYSTEM32>\attrib.exe' -r -a -s -h "<DRIVERS>\*.*"
'<SYSTEM32>\format.com' /y /q A
'<SYSTEM32>\format.com' /y /q B
'%WINDIR%\syswow64\rundll32.exe' user32.dll, SwapMouseButton
'<SYSTEM32>\format.com' /y /q D
'%WINDIR%\syswow64\takeown.exe' /f "<SYSTEM32>" /r
'%WINDIR%\syswow64\wscript.exe' ErrorCritico.vbs
'%WINDIR%\syswow64\wscript.exe' Advertencia.vbs
'%WINDIR%\syswow64\ipconfig.exe' /release
'<SYSTEM32>\cmd.exe' /c "%TEMP%\2700.tmp\2701.tmp\2711.bat <Full path to file>"
'%WINDIR%\syswow64\reg.exe' add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v EthernetKill /t REG_SZ /d "%TEMP%\EthernetKiller.cmd" /f
'<SYSTEM32>\cmd.exe' /c "%TEMP%\2396.tmp\23A7.tmp\23A8.bat <Full path to file>"
'<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoRun /t REG_DWORD /d 1 /f
'<SYSTEM32>\cmd.exe' /K Taskdl.bat
'<SYSTEM32>\takeown.exe' /f "<SYSTEM32>\winresume.exe"
'<SYSTEM32>\takeown.exe' /f "<SYSTEM32>" /r
'<SYSTEM32>\icacls.exe' "<SYSTEM32>\winresume.exe" /reset /c /q
'<SYSTEM32>\attrib.exe' -r -a -s -h "<SYSTEM32>\winresume.exe"
'<SYSTEM32>\takeown.exe' /f "<SYSTEM32>\winload.exe"
'<SYSTEM32>\icacls.exe' "<SYSTEM32>\winload.exe" /reset /c /q
'<SYSTEM32>\attrib.exe' -r -a -s -h "<SYSTEM32>\winload.exe"
'<SYSTEM32>\takeown.exe' /f "<SYSTEM32>\hal.dll"
'<SYSTEM32>\icacls.exe' "<SYSTEM32>\hal.dll" /reset /c /q
'<SYSTEM32>\attrib.exe' -r -a -s -h "<SYSTEM32>\hal.dll"
'<SYSTEM32>\wscript.exe' Informacion.vbs
'<SYSTEM32>\rundll32.exe' user32.dll, SetCursorPos
'<SYSTEM32>\rundll32.exe' user32.dll, SwapMouseButton
'<SYSTEM32>\wscript.exe' ErrorCritico.vbs
'<SYSTEM32>\wscript.exe' Advertencia.vbs
'<SYSTEM32>\certutil.exe' -decode "%TEMP%\Bytebeat.Shingapi.tmp" "Tasksvc.exe"
'<SYSTEM32>\ipconfig.exe' /release
'<SYSTEM32>\reg.exe' add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v EthernetKill /t REG_SZ /d "%TEMP%\EthernetKiller.cmd" /f
'<SYSTEM32>\attrib.exe' -r -a -s -h *.*
'%WINDIR%\explorer.exe'
'<SYSTEM32>\notepad.exe'
'<SYSTEM32>\calc.exe'
'<SYSTEM32>\mspaint.exe'
'<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
'<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableLockWorkstation /t REG_DWORD /d 1 /f
'<SYSTEM32>\reg.exe' add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v HideFastUserSwitching /t REG_DWORD /d 1 /f
'<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoLogoff /t REG_DWORD /d 1 /f
'%WINDIR%\syswow64\attrib.exe' -r -a -s -h *.*

Технологии

Термины

Обучение и просвещение

Мифы

Technical Information

Рекомендации по лечению

Демо бесплатно на 14 дней