Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'TEXT' = '%USERNAME%'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Word' = '%PROGRAM_FILES%\repair.exe'
- '<SYSTEM32>\net1.exe' user ╝╙QQ2013544822╕°─у├▄┬ы 2013544822zj /add
- '<SYSTEM32>\net1.exe' localgroup %USERNAME%s ╝╙QQ2013544822╕°─у├▄┬ы /add
- '<SYSTEM32>\cmd.exe' /c %TEMP%\1f0b4.tmp.bat
- '<SYSTEM32>\net1.exe' user %USERNAME% /active:no
- %TEMP%\1f0b4.tmp.bat
- %PROGRAM_FILES%\repair.exe