Техническая информация
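- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ThinkPad_Config' = '<SYSTEM32>\tpconfig.exe' (параметр в ключе автозапуска Run: указанный файл запускается при каждом входе пользователя в систему)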
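- <SYSTEM32>\net1.exe user LocalAdmin TheonlywinningmoveisnottoplaY (команда задаёт учётной записи LocalAdmin указанный пароль)
- <SYSTEM32>\net1.exe user %USERNAME% TheonlywinningmoveisnottoplaY (команда задаёт тот же пароль учётной записи текущего пользователя)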
- <LS_APPDATA>\ApplicationHistory\<Имя вируса>.exe.bf81a5f0.ini
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch.new
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch.new
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch.2460.102906
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch.2460.102875
- из %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch в %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch.2460.102906
- из %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch в %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch.2460.102875