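Техническая информация
Подзаголовки разделов в этой копии отсутствуют; по содержимому строк список включает файл задания планировщика (winmain.job), значения реестра для стандартного профиля брандмауэра Windows, запущенные процессы с аргументами и пути к файлам. Для файлов в конце списка тип операции (создание или удаление) не указан.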
- %WINDIR%\Tasks\winmain.job
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- '<SYSTEM32>\schtasks.exe' /delete /f /tn winrelog
- '<SYSTEM32>\schtasks.exe' /delete /f /tn winrlshl
- '<SYSTEM32>\schtasks.exe' /delete /f /tn winrlvnc
- '<SYSTEM32>\schtasks.exe' /delete /f /tn winrulog
- '<SYSTEM32>\ping.exe' -n 4 127.0.0.1
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 30 /tn winmain /tr c:\recycler\remote\winmain.exe /ru system
- '<SYSTEM32>\schtasks.exe' /delete /f /tn winrucat
- '<SYSTEM32>\schtasks.exe' /delete /f /tn winreshl
- '<SYSTEM32>\attrib.exe' +h c:\recycler\remote
- '<SYSTEM32>\netsh.exe' firewall set opmode mode = disable
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\winmain.bat" "
- '<SYSTEM32>\attrib.exe' +h c:\recycler
- '<SYSTEM32>\schtasks.exe' /delete /f /tn winrlupd
- '<SYSTEM32>\schtasks.exe' /delete /f /tn winrlexp
- '<SYSTEM32>\schtasks.exe' /delete /f /tn winmain
- '<SYSTEM32>\schtasks.exe' /delete /f /tn winrlcmd
- C:\RECYCLER\remote\downmode.txt
- %TEMP%\1.tmp\winmain.bat
- %TEMP%\1.tmp\winmain.bat