Техническая информация
- %WINDIR%\Tasks\SA.DAT
- '<SYSTEM32>\svchost.exe' -k rpcss
- '<SYSTEM32>\net1.exe' user admin 24496606177 /add && net localgroup %USERNAME%s admin /add
- '<SYSTEM32>\svchost.exe' -k netsvcs
- '<SYSTEM32>\svchost.exe' -k LocalService
- '<SYSTEM32>\shutdown.exe' -s -t 8
- '<SYSTEM32>\taskkill.exe' -f -im svchost.exe
- '<SYSTEM32>\net1.exe' user %USERNAME% 24496606177
- '<SYSTEM32>\logonui.exe' /status /shutdown
- <SYSTEM32>\svchost.exe
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'StatusWindowClass' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'