Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'TEXT' = '%USERNAME%'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Word' = '%PROGRAM_FILES%\repair.exe'
- '<SYSTEM32>\net1.exe' user ┴к╧╡QQXXX╜т╦° 12345678 /add
- '<SYSTEM32>\net1.exe' localgroup %USERNAME%s ┴к╧╡QQXXX╜т╦° /add
- '<SYSTEM32>\cmd.exe' /c %TEMP%\2a195.tmp.bat
- '<SYSTEM32>\net1.exe' user %USERNAME% /active:no
- %TEMP%\2a195.tmp.bat
- %PROGRAM_FILES%\repair.exe
- %TEMP%\2a195.tmp.bat