Technical Information
- <Drive name for removable media>:\R.REG
- <Drive name for removable media>:\╗╪╩╒╒╛.EXE
- <SYSTEM32>\attrib.exe %WINDIR%\SYSTEM\NET.EXE +H
- <SYSTEM32>\attrib.exe %WINDIR%\ATTRIB.EXE +H
- <SYSTEM32>\attrib.exe %WINDIR%\SYSTEM\ATTRIB.EXE +H
- <SYSTEM32>\attrib.exe %WINDIR%\NET.EXE +H
- <SYSTEM32>\attrib.exe %WINDIR%\SYSTEM\SC.EXE +H
- <SYSTEM32>\attrib.exe %WINDIR%\REGEDIT.EXE +H
- <SYSTEM32>\attrib.exe %WINDIR%\SYSTEM\REGEDIT.EXE +H
- <SYSTEM32>\attrib.exe %WINDIR%\CMD.EXE +H
- <SYSTEM32>\attrib.exe %WINDIR%\SYSTEM\CMD.EXE +H
- <SYSTEM32>\attrib.exe %WINDIR%\schtasks.EXE -H
- <SYSTEM32>\attrib.exe %WINDIR%\SYSTEM\FTP.EXE +H
- <SYSTEM32>\attrib.exe %WINDIR%\AT.EXE +H
- <SYSTEM32>\attrib.exe %WINDIR%\SYSTEM\AT.EXE +H
- <SYSTEM32>\attrib.exe %WINDIR%\FTP.EXE +H
- <SYSTEM32>\attrib.exe C:\Recycled +A +R +S +H
- <SYSTEM32>\attrib.exe C:\Recycleds +A +R +S +H
- <SYSTEM32>\attrib.exe %WINDIR%\schtasks.EXE +H
- <SYSTEM32>\attrib.exe <Drive name for removable media>:\BOOT -H -S -R -A
- <SYSTEM32>\attrib.exe C:\Download\TEMP -H -S -R -A
- <SYSTEM32>\attrib.exe <Drive name for removable media>:\BOOT\ROOT -H -S -R -A
- <SYSTEM32>\attrib.exe C:\Download -H -S -R -A
- <SYSTEM32>\attrib.exe %WINDIR%\cscript.EXE +H
- <SYSTEM32>\attrib.exe %WINDIR%\SYSTEM\cscript.EXE +H
- <SYSTEM32>\attrib.exe %WINDIR%\SC.EXE +H
- <SYSTEM32>\attrib.exe %WINDIR%\SYSTEM\ip.bat +H
- <SYSTEM32>\attrib.exe %WINDIR%\i.bat +H
- <SYSTEM32>\attrib.exe %WINDIR%\SYSTEM\i.bat +H
- <SYSTEM32>\attrib.exe %WINDIR%\ip.bat +H
- <SYSTEM32>\attrib.exe %WINDIR%\CMD.EXE -H
- <SYSTEM32>\attrib.exe %WINDIR%\SYSTEM\CMD.EXE -H
- <SYSTEM32>\taskkill.exe /IM cs* /F /T
- <SYSTEM32>\attrib.exe %WINDIR%\SYSTEM\FTP.EXE -H
- <SYSTEM32>\attrib.exe %WINDIR%\ATTRIB.EXE -H
- <SYSTEM32>\attrib.exe %WINDIR%\SYSTEM\ATTRIB.EXE -H
- <SYSTEM32>\attrib.exe %WINDIR%\FTP.EXE -H
- <SYSTEM32>\attrib.exe <Drive name for removable media>:\BOOT\ROOT\POWERSHADOW.EXE -A -S -R -H
- <SYSTEM32>\attrib.exe C:\BOOT\GHOST\*.* -A -S -R -H
- <SYSTEM32>\attrib.exe C:\BOOT -A -S -R -H
- <SYSTEM32>\net1.exe user SERVER 8204161424 /add
- <SYSTEM32>\taskkill.exe /IM cscript.EXE /F /T
- <SYSTEM32>\net1.exe localgroup %USERNAME%s SERVER /add
- <SYSTEM32>\net1.exe user SERVER 8204161424
- <SYSTEM32>\attrib.exe %WINDIR%\cscript.EXE -H
- <SYSTEM32>\attrib.exe %WINDIR%\SYSTEM\cscript.EXE -H
- <SYSTEM32>\attrib.exe %WINDIR%\SC.EXE -H
- <SYSTEM32>\attrib.exe %WINDIR%\SYSTEM\ip.bat -H
- <SYSTEM32>\attrib.exe %WINDIR%\i.bat -H
- <SYSTEM32>\attrib.exe %WINDIR%\SYSTEM\i.bat -H
- <SYSTEM32>\attrib.exe %WINDIR%\ip.bat -H
- <SYSTEM32>\attrib.exe %WINDIR%\SYSTEM\NET.EXE -H
- <SYSTEM32>\attrib.exe %WINDIR%\AT.EXE -H
- <SYSTEM32>\attrib.exe %WINDIR%\SYSTEM\AT.EXE -H
- <SYSTEM32>\attrib.exe %WINDIR%\NET.EXE -H
- <SYSTEM32>\attrib.exe %WINDIR%\SYSTEM\SC.EXE -H
- <SYSTEM32>\attrib.exe %WINDIR%\REGEDIT.EXE -H
- <SYSTEM32>\attrib.exe %WINDIR%\SYSTEM\REGEDIT.EXE -H
- <SYSTEM32>\cscript.exe
- %WINDIR%\system\SC.EXE
- %WINDIR%\SC.EXE
- %WINDIR%\system\cscript.EXE
- %WINDIR%\ATTRIB.EXE
- %WINDIR%\system\NET.EXE
- %WINDIR%\NET.EXE
- %WINDIR%\cscript.EXE
- %WINDIR%\i.bat
- %WINDIR%\system\schtasks.EXE
- %WINDIR%\schtasks.EXE
- %WINDIR%\system\ip.bat
- %WINDIR%\ip.bat
- %WINDIR%\system\i.bat
- %WINDIR%\system\ATTRIB.EXE
- <Current directory>\ipx2.bat
- %TEMP%\bt1617.bat
- <SYSTEM32>\ip.bat
- <Current directory>\Recycleds.EXE
- <Current directory>\R.REG
- <Current directory>\ipx.bat
- <SYSTEM32>\i.bat
- %WINDIR%\FTP.EXE
- %WINDIR%\system\AT.EXE
- %WINDIR%\AT.EXE
- %WINDIR%\system\CMD.EXE
- %WINDIR%\CMD.EXE
- %WINDIR%\system\FTP.EXE
- %WINDIR%\system\cscript.EXE
- %WINDIR%\cscript.EXE
- %WINDIR%\SC.EXE
- %WINDIR%\NET.EXE
- %WINDIR%\system\SC.EXE
- %WINDIR%\i.bat
- %WINDIR%\schtasks.EXE
- %WINDIR%\system\i.bat
- %WINDIR%\system\ip.bat
- %WINDIR%\ip.bat
- %WINDIR%\system\FTP.EXE
- %WINDIR%\FTP.EXE
- %WINDIR%\CMD.EXE
- %TEMP%\bt1617.bat
- %WINDIR%\system\CMD.EXE
- %WINDIR%\ATTRIB.EXE
- %WINDIR%\system\NET.EXE
- %WINDIR%\system\ATTRIB.EXE
- %WINDIR%\system\AT.EXE
- %WINDIR%\AT.EXE
- <Current directory>\ipx.bat
- <Current directory>\ipx2.bat
- <Current directory>\Recycleds.EXE
- <Current directory>\R.REG
- ClassName: '' WindowName: ''