Техническая информация
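- [<HKLM>\SYSTEM\ControlSet001\Services\TermService] 'Start' = '00000002' (значение 2 — автоматический запуск; служба терминалов / удалённый рабочий стол)
- [<HKLM>\SYSTEM\ControlSet001\Services\TlntSvr] 'Start' = '00000002' (значение 2 — автоматический запуск; служба Telnet)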
- %WINDIR%\regedit.exe /S C:\TS2.REG
- %WINDIR%\regedit.exe /s c:\TS.reg
- <SYSTEM32>\sysocmgr.exe /i:%WINDIR%\inf\sysoc.inf /u:c:\bootlog~.txt /q
- %WINDIR%\regedit.exe -S C:\TS2.REG
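- <SYSTEM32>\net1.exe localgroup %USERNAME%s IWAN_XP /add (запись «%USERNAME%s» — вероятно, артефакт обезличивания отчёта: имя локальной группы, в котором часть строки заменена переменной; исходное имя группы по этой странице установить нельзя)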
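- <SYSTEM32>\net1.exe user IWAN_XP 111 /add /expires:never (создаётся локальная учётная запись IWAN_XP с паролем «111» без срока действия; наличие такой учётной записи в системе — признак заражения)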
- %WINDIR%\regedit.exe /s user1.reg
- %WINDIR%\regedit.exe /S c:\winst.REG
- [<HKLM>\Software\Microsoft\MessengerService]
- C:\TS.reg
- C:\TS2.reg
- C:\bootlog~.txt
- %TEMP%\bt3425.bat
- C:\winst.reg
- <Текущая директория>\user1.reg
- %TEMP%\bt3425.bat
- C:\TS.reg
- %WINDIR%\imsins.BAK
- C:\winst.reg
- <Текущая директория>\user1.reg
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'STUFF-BOOT' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''