Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{M1ND-FR34K-ABCD-EFGH-00401C608500}] 'StubPath' = '<SYSTEM32>\winstart.bat'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '' = 'RunDll32.exe setupapi,InstallHinfSection DefaultInstall 132 %WINDIR%\tweak.inf'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '' = '%TEMP%\dwrtsn32.exe'
- %WINDIR%\Tasks\At57.job
- %WINDIR%\Tasks\At58.job
- %WINDIR%\Tasks\At56.job
- %WINDIR%\Tasks\At54.job
- %WINDIR%\Tasks\At55.job
- %WINDIR%\Tasks\At62.job
- %WINDIR%\Tasks\At63.job
- %WINDIR%\Tasks\At61.job
- %WINDIR%\Tasks\At59.job
- %WINDIR%\Tasks\At60.job
- %WINDIR%\Tasks\At53.job
- %WINDIR%\Tasks\At46.job
- %WINDIR%\Tasks\At47.job
- %WINDIR%\Tasks\At45.job
- %WINDIR%\Tasks\At43.job
- %WINDIR%\Tasks\At44.job
- %WINDIR%\Tasks\At51.job
- %WINDIR%\Tasks\At52.job
- %WINDIR%\Tasks\At50.job
- %WINDIR%\Tasks\At48.job
- %WINDIR%\Tasks\At49.job
- %WINDIR%\Tasks\At78.job
- %WINDIR%\Tasks\At79.job
- %WINDIR%\Tasks\At77.job
- %WINDIR%\Tasks\At75.job
- %WINDIR%\Tasks\At76.job
- %WINDIR%\Tasks\At83.job
- %WINDIR%\Tasks\At84.job
- %WINDIR%\Tasks\At82.job
- %WINDIR%\Tasks\At80.job
- %WINDIR%\Tasks\At81.job
- %WINDIR%\Tasks\At74.job
- %WINDIR%\Tasks\At67.job
- %WINDIR%\Tasks\At68.job
- %WINDIR%\Tasks\At66.job
- %WINDIR%\Tasks\At64.job
- %WINDIR%\Tasks\At65.job
- %WINDIR%\Tasks\At72.job
- %WINDIR%\Tasks\At73.job
- %WINDIR%\Tasks\At71.job
- %WINDIR%\Tasks\At69.job
- %WINDIR%\Tasks\At70.job
- %WINDIR%\Tasks\At15.job
- %WINDIR%\Tasks\At16.job
- %WINDIR%\Tasks\At14.job
- %WINDIR%\Tasks\At12.job
- %WINDIR%\Tasks\At13.job
- %WINDIR%\Tasks\At20.job
- %WINDIR%\Tasks\At21.job
- %WINDIR%\Tasks\At19.job
- %WINDIR%\Tasks\At17.job
- %WINDIR%\Tasks\At18.job
- %WINDIR%\Tasks\At11.job
- %WINDIR%\Tasks\At4.job
- %WINDIR%\Tasks\At5.job
- %WINDIR%\Tasks\At3.job
- %WINDIR%\Tasks\At1.job
- %WINDIR%\Tasks\At2.job
- %WINDIR%\Tasks\At9.job
- %WINDIR%\Tasks\At10.job
- %WINDIR%\Tasks\At8.job
- %WINDIR%\Tasks\At6.job
- %WINDIR%\Tasks\At7.job
- %WINDIR%\Tasks\At36.job
- %WINDIR%\Tasks\At37.job
- %WINDIR%\Tasks\At35.job
- %WINDIR%\Tasks\At33.job
- %WINDIR%\Tasks\At34.job
- %WINDIR%\Tasks\At41.job
- %WINDIR%\Tasks\At42.job
- %WINDIR%\Tasks\At40.job
- %WINDIR%\Tasks\At38.job
- %WINDIR%\Tasks\At39.job
- %WINDIR%\Tasks\At32.job
- %WINDIR%\Tasks\At25.job
- %WINDIR%\Tasks\At26.job
- %WINDIR%\Tasks\At24.job
- %WINDIR%\Tasks\At22.job
- %WINDIR%\Tasks\At23.job
- %WINDIR%\Tasks\At30.job
- %WINDIR%\Tasks\At31.job
- %WINDIR%\Tasks\At29.job
- %WINDIR%\Tasks\At27.job
- %WINDIR%\Tasks\At28.job
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
- 'C:\PackardBell.exe' /pid=6088
- '%WINDIR%\jqs.exe' /pid=5164
- 'C:\PackardBell.exe' /pid=4756
- '%WINDIR%\jqs.exe'
- 'C:\PackardBell.exe'
- '%WINDIR%\jqs.exe' firewall set notifications disable
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoSaveSettings /t REG_DWORD /d 1 /f
- '<SYSTEM32>\net1.exe' stop "Security Center"
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 1 /f
- '<SYSTEM32>\net.exe' stop SharedAccess
- '<SYSTEM32>\netsh.exe' firewall set opmode mode=disable
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFind /t REG_DWORD /d 1 /f
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoPropertiesMyDocuments /t REG_DWORD /d 1 /f
- '<SYSTEM32>\alg.exe' add HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v DoNotAllowExceptions /t REG_DWORD /d 0 /f
- '<SYSTEM32>\reg.exe' add HKCU\Control Panel\don't load /v timedate.cpl /t REG_SZ /d no /f
- '<SYSTEM32>\net1.exe' stop SharedAccess
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon /v DisableCAD /t REG_DWORD /d 1 /f
- '<SYSTEM32>\net.exe' stop "Security Center"
- '<SYSTEM32>\at.exe' 9:00 /interactive srvchost.exe
- '<SYSTEM32>\at.exe' 12:00 /interactive srvchost.exe
- '<SYSTEM32>\at.exe' 6:00 /interactive srvchost.exe
- '<SYSTEM32>\netsh.exe' firewall set opmode disable
- '<SYSTEM32>\netsh.exe' firewall set notifications disable
- '<SYSTEM32>\at.exe' 15:00 /interactive srvchost.exe
- '<SYSTEM32>\reg.exe' add HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v EnableFirewall /t REG_DWORD /d 0 /f
- '<SYSTEM32>\reg.exe' add HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v DoNotAllowExceptions /t REG_DWORD /d 0 /f
- '<SYSTEM32>\at.exe' 0:00 /interactive srvchost.exe
- '<SYSTEM32>\at.exe' 18:00 /interactive srvchost.exe
- '<SYSTEM32>\at.exe' 21:00 /interactive srvchost.exe
- <SYSTEM32>\alg.exe
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFind' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSaveSettings' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000001'
- C:\Autorun.inf
- <SYSTEM32>\winstart.bat
- %WINDIR%\winstart.bat
- C:\Setup.scr
- C:\ReadMe.cmd
- C:\PackardBell.exe
- %WINDIR%\mouse.cpl
- %TEMP%\dwrtsn32.exe
- %WINDIR%\srvchost.exe
- %WINDIR%\tweak.inf
- %WINDIR%\jqs.exe
- <SYSTEM32>.exe
- C:\PackardBell.exe
- C:\Autorun.inf
- %WINDIR%\srvchost.exe