Техническая информация
- %WINDIR%\Tasks\SA.DAT
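- [<HKLM>\SYSTEM\ControlSet001\Services\Schedule] 'Start' = '00000002' (значение 2 — автоматический запуск службы Schedule; тот же результат даёт команда sc.exe config ниже)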
- <SYSTEM32>\sc.exe config Schedule start= auto
- <SYSTEM32>\sc.exe start Schedule
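- <SYSTEM32>\netsh.exe firewall set service remoteadmin enable (включает в брандмауэре Windows исключение для удалённого администрирования)
- <SYSTEM32>\netsh.exe firewall set service remotedesktop enable (включает в брандмауэре Windows исключение для удалённого рабочего стола)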
- <SYSTEM32>\termsrv.dll перемещается в <SYSTEM32>\termsrv.old
- ClassName: 'Shell_TrayWnd' WindowName: ''