Техническая информация
- '<SYSTEM32>\net1.exe' localgroup 'remote desktop users' Redbull /add
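- '<SYSTEM32>\net1.exe' localgroup %USERNAME%s Redbull /add (по-видимому, «%USERNAME%s» — артефакт автоматической подстановки переменной вместо имени группы «Administrators»; уточнить по исходному отчёту)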
- '<SYSTEM32>\net1.exe' user Redbull 123456789 /add
- %TEMP%\aut3.tmp
- %TEMP%\unrar.exe
- %WINDIR%\cache\apps\Microsoft\Applications\Ms-office\Ms-Word\Networking\internet\system32\TangoCharle.exe
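- <SYSTEM32>\lssas.exe (имя отличается от штатного системного процесса lsass.exe перестановкой букв; при сверке индикаторов сравнивать имя файла точно)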
- %TEMP%\aut1.tmp
- <SYSTEM32>\keylogger.dll
- %TEMP%\aut2.tmp
- %TEMP%\aut3.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'