Техническая информация
Запускаемые процессы (командные строки):
- %TEMP%\1.tmp\b2e.exe %TEMP%\1.tmp\b2e.exe <Текущая директория> <Полный путь к вирусу>
- <SYSTEM32>\net1.exe user 547 /add
- <SYSTEM32>\net1.exe user 26877 /add
- <SYSTEM32>\net1.exe user 4625 /add
- <SYSTEM32>\net1.exe user This_computer_was_hacked /add
- <SYSTEM32>\cmd.exe /c ""%TEMP%\selfdel0.bat" "
- <SYSTEM32>\logonui.exe /status
- <SYSTEM32>\shutdown.exe -f
- <SYSTEM32>\net1.exe user 18314 /add
- <SYSTEM32>\net1.exe user 22818 /add
- <SYSTEM32>\net1.exe user 31330 /add
- <SYSTEM32>\cmd.exe /c ""%TEMP%\2.tmp\batfile.bat" "
- <SYSTEM32>\net1.exe user 9112 /add
- <SYSTEM32>\net1.exe user 3178 /add
- <SYSTEM32>\net1.exe user 28532 /add
- <SYSTEM32>\net1.exe user 5896 /add
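Файловые объекты, затрагиваемые образцом (подзаголовки с типом операции в тексте отсутствуют; повторяющиеся пути, по-видимому, относятся к разным операциям):
- %TEMP%\selfdel0.bat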
- %TEMP%\2.tmp\batfile.bat
- %TEMP%\1.tmp\b2e.exe
- <SYSTEM32>\dllcache\keyboard.sys
- %TEMP%\2.tmp\batfile.bat
- %TEMP%\1.tmp\b2e.exe
- <SYSTEM32>\keyboard.drv
- <SYSTEM32>\dllcache\keyboard.drv
- <SYSTEM32>\keyboard.sys
Окна (вероятно, искомые образцом по имени класса):
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'StatusWindowClass' WindowName: ''