Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\RemoteAccess] 'Start' = '00000002'
- <SYSTEM32>\sc.exe config RemoteAccess start= auto
- <SYSTEM32>\net1.exe start RemoteAccess
- <SYSTEM32>\wscript.exe "%HOMEPATH%\Start Menu\X.vbs"
- <SYSTEM32>\rundll32.exe "C:\Server.dll " StartRouter
- <SYSTEM32>\sc.exe stop RemoteAccess
- %HOMEPATH%\Recent\X.lnk
- %PROGRAM_FILES%\Windows NT\Server.log
- <SYSTEM32>\ias\ias.ldb
- %HOMEPATH%\Recent\Start Menu.lnk
- %HOMEPATH%\Start Menu\X.vbs
- %TEMP%\137015_res.tmp
- %TEMP%\106140_res.tmp
- C:\Server.\Server.exe
- %TEMP%\137046_res.tmp
- C:\Server.log
- <SYSTEM32>\ias\ias.ldb
- %HOMEPATH%\Start Menu\X.vbs
- C:\Server.cc
- 'zj####i123.3322.org':7153
- DNS ASK zj####i123.3322.org
- ClassName: 'Shell_TrayWnd' WindowName: ''