Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- '%TEMP%\IXP000.TMP\EXE.exe'
- '<SYSTEM32>\net1.exe' uSeR Hack /aDd
- '<SYSTEM32>\bootcfg.exe' /raw /a /bootlogo /id 1
- '<SYSTEM32>\net1.exe' uSeR %USERNAME% hack
- '<SYSTEM32>\net1.exe' lOcAlGrOuP %USERNAME%S Hack /AdD
- '<SYSTEM32>\xcopy.exe' sCrIpT.shs %WINDIR%\
- '<SYSTEM32>\ntvdm.exe' -f -i1
- '<SYSTEM32>\bootcfg.exe' /addsw /ng /id 1
- '<SYSTEM32>\attrib.exe' +s +h %WINDIR%\bOoT.bmp
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Script.shs
- %TEMP%\IXP000.TMP\BOOT.EXE
- %TEMP%\IXP000.TMP\EXE.exe
- %TEMP%\IXP000.TMP\Script.shs
- %WINDIR%\BOOT.BMP
- %TEMP%\IXP000.TMP\EXE.exe
- %TEMP%\IXP000.TMP\BOOT.EXE
- %TEMP%\IXP000.TMP\Script.shs
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Script.shs в %WINDIR%\BOOT.BMP
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b58.b5c.380001'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'