Техническая информация (Technical information: registry, file, network and process indicators observed for the sample)
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe %WINDIR%\system\notepad.exe' (persistence: the Winlogon `Shell` value is normally just `Explorer.exe`; appending a second path makes the dropped binary start at every interactive logon. Note the directory is `%WINDIR%\system`, not `%WINDIR%\system32`.)
- %WINDIR%\system\notepad.exe (dropped payload masquerading as Notepad; the genuine notepad.exe lives in %WINDIR% and %WINDIR%\system32, so this path alone is a usable file indicator)
- %TEMP%\aut2.tmp (the `aut*.tmp` naming is consistent with a compiled AutoIt script unpacking itself at runtime — not confirmed by this listing)
- %TEMP%\xaqgwlt
- %TEMP%\aut1.tmp
- %TEMP%\vitdioq
- %WINDIR%\system\log.txt
- %TEMP%\xaqgwlt
- %WINDIR%\system\log.txt
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- %TEMP%\vitdioq
- %WINDIR%\system\log.txt
- 'gu####.f3322.net':8081 (f3322.net is a dynamic-DNS provider; hostname partially masked in the report)
- '18#.#.139.30':8081 (resolved C2 address, partially masked; both contacts use TCP port 8081 — block or alert on the domain rather than the IP, which a dynamic-DNS name can change at will)
- DNS ASK qq.com (no connection to qq.com is listed; the lookup is likely an Internet-connectivity check rather than C2 traffic)
- DNS ASK gu####.f3322.net
- '%WINDIR%\system\notepad.exe'
- '<SYSTEM32>\net.exe' user administratr administratr /add
- '<SYSTEM32>\net1.exe' user administratr administratr /add
- '<SYSTEM32>\net.exe' user administratr /del
- '<SYSTEM32>\net1.exe' user administratr /del
  (creates a local account named "administratr" — one letter short of "administrator" — with "administratr" as its password, then deletes it again; net.exe hands each command to net1.exe, which is why every step appears twice. Detection should key on the `/add` event, not only the later `/del`, and on the look-alike account name in Security event 4720/4726 logs where available.)