Technical information
- %HOMEPATH%\Start Menu\Programs\Startup\Themes.vbs
- [<HKLM>\SYSTEM\ControlSet001\Services\BITS] 'Start' = '00000002'
- <SYSTEM32>\net1.exe
- <SYSTEM32>\taskkill.exe /f /im wscript.exe
- <SYSTEM32>\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Services\BITS /v Start /t REG_DWORD /d 02 /f
- %WINDIR%\regedit.exe /s "%TEMP%\\119265_res.reg"
- %WINDIR%\regedit.exe /s "%TEMP%\\122765_res.reg"
- %WINDIR%\regedit.exe /s "%TEMP%\\125515_res.reg"
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Themes.dat
- %TEMP%\125515_res.tmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\DelThemes.reg
- <SYSTEM32>\syscchl.dll
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Theme.vbs
- %TEMP%\wi117890nd.temp
- %TEMP%\MyInformations.ini
- %TEMP%\119265_res.tmp
- %TEMP%\122765_res.tmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Themes.reg
- %TEMP%\MyInformations.ini
- from <Full path to virus> to %TEMP%\systemp.tmp
- 'an###.3322.org':443
- DNS ASK an###.3322.org
- ClassName: '' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''