Техническая информация
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '%WINDIR%\LC.EXE'
- %WINDIR%\NT.REG
- %WINDIR%\SYS.REG
- %WINDIR%\LC.exe
- ClassName: 'StatusWindowClass' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- '<SYSTEM32>\cmd.exe' /c start cmd /c start cmd /c COPY *.EXE %WINDIR%\LC.*
- '<SYSTEM32>\cmd.exe' /c net user administrator ZXYWSWSWWS
- '<SYSTEM32>\ping.exe' 192.168.1.1
- '<SYSTEM32>\cmd.exe' /c ping 192.168.1.1
- '<SYSTEM32>\cmd.exe' /c start cmd /c net user administrator ZXYWSWSWWS
- '%WINDIR%\regedit.exe' /S %WINDIR%\SYS.REG
- '<SYSTEM32>\cmd.exe' /c start cmd /c start cmd /c net user administrator ZXYWSWSWWS
- '<SYSTEM32>\shutdown.exe' -L
- '<SYSTEM32>\cmd.exe' /c REGEDIT /S %WINDIR%\SYS.REG
- '<SYSTEM32>\cmd.exe' /c start cmd /c ping 192.168.1.1
- '<SYSTEM32>\cmd.exe' /c COPY *.EXE %WINDIR%\LC.*
- '<SYSTEM32>\cmd.exe' /c start cmd /c REGEDIT /S %WINDIR%\SYS.REG
- '<SYSTEM32>\cmd.exe' /c start cmd /c start cmd /c start cmd /c net user administrator ZXYWSWSWWS
- '<SYSTEM32>\cmd.exe' /c start cmd /c start cmd /c ping 192.168.1.1 & SHUTDOWN -L
- '<SYSTEM32>\cmd.exe' /c start cmd /c COPY *.EXE %WINDIR%\LC.*
- '<SYSTEM32>\cmd.exe' /c start cmd /c start cmd /c REGEDIT /S %WINDIR%\SYS.REG
- '<SYSTEM32>\net.exe' user administrator ZXYWSWSWWS
- '<SYSTEM32>\net1.exe' user administrator ZXYWSWSWWS