Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ntvdl.exe' = '<SYSTEM32>\ntvdl.exe' — запись автозапуска: ntvdl.exe запускается при каждом входе пользователя в систему
- <LS_APPDATA>\Xenocode\Sandbox\Apache HTTP Server\2.2.14\2012.10.04T15.40\Virtual\STUBEXE\8.0.1112\@SYSTEM@\ntvdl.exe
- <SYSTEM32>\ntvdl.exe
- <SYSTEM32>\netsh.exe firewall set service type = REMOTEDESKTOP mode = ENABLE profile = ALL — разрешает в брандмауэре Windows службу удалённого рабочего стола (RDP) для всех профилей
- <SYSTEM32>\reg.exe add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v ntvdl.exe /d "<SYSTEM32>\ntvdl.exe"
- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f — значение 0 разрешает входящие подключения к удалённому рабочему столу
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\ntvdl.bat" "
- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fAllowToGetHelp /t REG_DWORD /d 0 /f — значение 0 отключает удалённый помощник (Remote Assistance)
- <SYSTEM32>\ntvdl.exe
- %TEMP%\1.tmp\ntvdl.bat
- %TEMP%\1.tmp\ntvdl.exe
- %TEMP%\1.tmp\ntvdl.bat
- %TEMP%\1.tmp\ntvdl.exe
- '<IP-адрес в локальной сети>':111