Техническая информация
- '<SYSTEM32>\winlogon.exe'
- '<SYSTEM32>\csrss.exe' ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
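- '<SYSTEM32>\netsh.exe' firewall set service type = REMOTEDESKTOP mode = ENABLE (команда включает в брандмауэре Windows исключение для службы удалённого рабочего стола, то есть разрешает входящие RDP-подключения; ср. с обращением к localhost:3389 ниже. Запуск netsh с такими аргументами стоит отслеживать в журналах создания процессов.)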
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\cscript.exe
- <SYSTEM32>\ctfmon.exe
- <SYSTEM32>\winlogon.exe
- %WINDIR%\Explorer.EXE
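- '17#.#70.85.7':50225 (символы «#» здесь и в имени домена в строке DNS ASK ниже, по-видимому, скрывают часть значения при публикации; как индикаторы для точного сопоставления эти значения непригодны)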
- 'localhost':3389
- 'download.windowsupdate.com':80
- DNS ASK ss#.##rtbbi.info
- DNS ASK download.windowsupdate.com