Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe C:\:services.exe'
- <SYSTEM32>\reg.exe import svcset.reg
- %WINDIR%\regedit.exe /s svcset.reg
- <SYSTEM32>\cmd.exe /c ""<SYSTEM32>\config\svcset.bat" "
- <SYSTEM32>\netsh.exe firewall add allowedprogram "%WINDIR%\help\svchost.exe" "Remote %USERNAME% Server" ENABLE
- <SYSTEM32>\config\raddrv.dll
- <SYSTEM32>\config\svcset.bat
- C:\:services.exe
- <SYSTEM32>\config\svcset.reg
- <SYSTEM32>\config\svchost.exe
- <SYSTEM32>\config\AdmDll.dll
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: 'GINA Logon'
- ClassName: '' WindowName: ''