Техническая информация
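Значение Userinit перечисляет программы, которые Winlogon запускает при входе пользователя в систему; здесь после штатного userinit.exe добавлен %WINDIR%\system\wdm.exe:
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%WINDIR%\system\wdm.exe'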
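Запускаемые команды (net1.exe user <имя> <пароль> задаёт учётной записи указанный пароль; shutdown.exe -r -t 00 немедленно перезагружает систему):
- <SYSTEM32>\net1.exe user Guest 39k4ds7o70j4
- <SYSTEM32>\net1.exe user HelpAssistant 39k4ds7o70j4
- <SYSTEM32>\net1.exe user SUPPORT_388945a0 39k4ds7o70j4
- <SYSTEM32>\shutdown.exe -r -t 00
- <SYSTEM32>\net1.exe user %USERNAME% 39k4ds7o70j4
- <SYSTEM32>\net1.exe user ASPNET 39k4ds7o70j4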
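Файловые артефакты (имена EFS0.LOG и EFS0.TMP характерны для временных файлов шифрующей файловой системы Windows (EFS); три пути повторяются в конце списка — вероятно, подзаголовки разделов были утрачены при извлечении текста):
- C:\System Volume Information\EFS0.LOG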
- %APPDATA%\Microsoft\SystemCertificates\My\Certificates\E6CC73B5B668E897EDAEAC1E4F765C56AFC477A5
- %HOMEPATH%\My Documents\My Pictures\EFS0.TMP
- %HOMEPATH%\My Documents\My Music\EFS0.TMP
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\6c5eff54573999573f3ce53789aa91bb_23ef5514-3059-436f-a4a7-4cefaab20eb1
- <Текущая директория>\oodbnt1.ini
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\Preferred
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\10c9f87e-94b7-44fb-8ca9-8e1f9babe2a3
- %HOMEPATH%\My Documents\My Pictures\EFS0.TMP
- C:\System Volume Information\EFS0.LOG
- %HOMEPATH%\My Documents\My Music\EFS0.TMP