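Техническая информация
Подзаголовки разделов в этой копии страницы отсутствуют; судя по содержимому, ниже идут командные строки запускаемых процессов, затем пути к файлам в %TEMP% и параметры искомых окон. Имена lsass.exe, svchost.exe и conime.exe совпадают с именами системных компонентов Windows, однако здесь эти файлы находятся в %TEMP%, а не в <SYSTEM32>, поэтому при проверке важен полный путь к образу процесса, а не только его имя.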
- %TEMP%\lsass.exe
- %TEMP%\SVCHOST.EXE /b
- %TEMP%\~iware.tmp\conime.exe /c %TEMP%\~iware.tmp\mstask.exe
- %TEMP%\conime.exe /c rundll32 "%TEMP%\\sock128.dll",rundll
- %TEMP%\~iware.tmp\mstask.exe
- <SYSTEM32>\net1.exe user /domain
- <SYSTEM32>\net1.exe user
- <SYSTEM32>\net1.exe start
- <SYSTEM32>\net1.exe group "domain controllers" /domain
- <SYSTEM32>\net1.exe group "domain computers" /domain
- <SYSTEM32>\net1.exe group "domain admins" /domain
- <SYSTEM32>\taskkill.exe /f /im conime.exe
- <SYSTEM32>\cmd.exe /c %TEMP%\aut3.bat
- <SYSTEM32>\rundll32.exe "%TEMP%\\sock128.dll",rundll
- <SYSTEM32>\tasklist.exe
- <SYSTEM32>\systeminfo.exe
- <SYSTEM32>\fsutil.exe fsinfo drives
- %TEMP%\~iware.tmp\CRNJEUFU_basinfo.txt
- %TEMP%\~iware.tmp\conime.exe
- %TEMP%\SVCHOST.EXE
- %TEMP%\aut3.bat
- %TEMP%\~iware.tmp\mstask.exe
- %TEMP%\lsass.exe
- %TEMP%\sock128.dll
- %TEMP%\conime.exe
- %TEMP%\~svchost.~tmp
- %TEMP%\conime.exe
- %TEMP%\~iware.tmp\conime.exe
- %TEMP%\~svchost.~tmp
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''