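Техническая информация

Подзаголовки разделов в этой выдержке не сохранились; ниже идут наблюдаемые индикаторы: изменения реестра, запускаемые команды, пути к файлам и запись о классе окна. По самим записям видно следующее:
- значение 'system.exe' в ключе Run ветки HKCU задаёт автозапуск %WINDIR%\system.exe при входе текущего пользователя (закрепление в системе);
- служба TlntSvr (Telnet) переводится в автоматический запуск (Start = 2) и запускается командой net1.exe start telnet, то есть на узле включается удалённый доступ по Telnet;
- команда net1.exe accounts /maxpwage:unlimited снимает ограничение срока действия паролей;
- над учётной записью HelpAssistant выполняются удаление, создание и установка пароля, указанного в списке; порядок строк в списке может не совпадать с порядком выполнения.
Пути %TEMP%\1.tmp\ повторяются — вероятно, это отдельные списки созданных и удалённых файлов, но по данной выдержке этого утверждать нельзя.
При проверке узла имеет смысл сверить указанные значения реестра, тип запуска и состояние службы Telnet, политику срока действия паролей и список локальных учётных записей.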
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'system.exe' = '%WINDIR%\system.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\TlntSvr] 'Start' = '00000002'
- <SYSTEM32>\net1.exe start telnet
- <SYSTEM32>\net1.exe accounts /maxpwage:unlimited
- <SYSTEM32>\reg.exe ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v system.exe /t REG_SZ /f /d %WINDIR%\system.exe
- <SYSTEM32>\tasklist.exe
- <SYSTEM32>\net1.exe user
- <SYSTEM32>\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Services\Tlntsvr /v Start /t REG_DWORD /f /d 2
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\system.bat" "
- <SYSTEM32>\net1.exe user HelpAssistant /DELETE
- <SYSTEM32>\net1.exe user HelpAssistant !!qwerty!!
- <SYSTEM32>\net1.exe user HelpAssistant /ADD
- %TEMP%\1.tmp\system.bat
- %TEMP%\1.tmp\binaries.txt
- %TEMP%\1.tmp\b2e
- %TEMP%\1.tmp\b2e
- %TEMP%\1.tmp\binaries.txt
- ClassName: 'Indicator' WindowName: ''