Техническая информация
- %WINDIR%\Tasks\Windows_Messenger_Service-{0223D705-87E0-42AB-9046-4139D8EEB169}.job
- [<HKLM>\SYSTEM\ControlSet001\Services\Schedule] 'Start' = '00000002'
- '<SYSTEM32>\c_m_d.exe' /c SCHTASKS.EXE /Create /SC ONSTART /TN Windows_Messenger_Service-{0223D705-87E0-42AB-9046-4139D8EEB169} /TR <SYSTEM32>\msmsgrs.exe /RU SYSTEM
- '<SYSTEM32>\c_m_d.exe' /c sc.exe start schedule
- '<SYSTEM32>\c_m_d.exe' /c sc.exe \\127.0.0.1 config schedule start= auto
- '<SYSTEM32>\schtasks.exe' /Create /SC ONSTART /TN Windows_Messenger_Service-{0223D705-87E0-42AB-9046-4139D8EEB169} /TR <SYSTEM32>\msmsgrs.exe /RU SYSTEM
- '<SYSTEM32>\sc.exe' start schedule
- '<SYSTEM32>\sc.exe' \\127.0.0.1 config schedule start= auto
- %TEMP%\uvbddbm
- <SYSTEM32>\c_m_d.exe
- \Device\LanmanRedirector\127.0.0.1\pipe\svcctl
- %TEMP%\aut1.tmp
- %TEMP%\jcufsis
- %TEMP%\aut2.tmp
- %WINDIR%\Tasks\Windows_Messenger_Service-{0223D705-87E0-42AB-9046-4139D8EEB169}.job
- %TEMP%\uvbddbm
- <SYSTEM32>\c_m_d.exe
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- %TEMP%\jcufsis
- из <Полный путь к вирусу> в <SYSTEM32>\msmsgrs.exe (этот же путь задан в параметре /TR создаваемой задачи планировщика)
- 'localhost':445 (порт SMB; согласуется с обращением к \pipe\svcctl через 127.0.0.1 выше)