Техническая информация
- Автозапуск через ключ реестра Run: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'runAPI36' = '"%TEMP%\runAPI93.exe"'
- %TEMP%\win75.exe
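- <SYSTEM32>\net1.exe stop Security Center (остановка службы Security Center)
- <SYSTEM32>\netsh.exe firewall set opmode mode=disable (отключение брандмауэра Windows)
- <SYSTEM32>\cmd.exe /c ""C:\Documents and Settings\54574N.bat" > NUL" (запуск пакетного файла с перенаправлением вывода в NUL)
- <SYSTEM32>\net.exe stop Security Center (остановка службы Security Center)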
- %WINDIR%\SatansDevil.exe
- C:\Documents and Settings\54574N.bat
- %WINDIR%\SatansWeapon.exe
- %WINDIR%\SatansPitbull.exe
- %WINDIR%\SatansNuker.exe
- C:\Documents and Settings\SatansDevil.exe
- C:\Documents and Settings\SatansNuker.exe
- %TEMP%\win75.exe
- C:\Documents and Settings\SatansPitbull.exe
- C:\Documents and Settings\SatansWeapon.exe
- %TEMP%\runAPI93.exe
- ClassName: 'Indicator' WindowName: ''