Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'DameWare MRC Agent' = '<SYSTEM32>\DWRCST.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\DWMRCS] 'ImagePath' = '<SYSTEM32>\DWRCS.exe -service'
- [<HKLM>\SYSTEM\ControlSet001\Services\DWMRCS] 'Start' = '00000002' (тип запуска 2 — служба запускается автоматически при загрузке системы)
- '<SYSTEM32>\DWRCST.exe'
- '<SYSTEM32>\regsvr32.exe'
- '<SYSTEM32>\DWRCS.exe' -install
- '<SYSTEM32>\cmd.exe' /C <SYSTEM32>\DWRCS.exe -install
- '<SYSTEM32>\msiexec.exe' /V
- '<SYSTEM32>\msiexec.exe' /i "%TEMP%\XP32.MSI" /q
- '<SYSTEM32>\DWRCS.exe' -service
- '<SYSTEM32>\msiexec.exe' -Embedding C7B281D099993225B7B612539FDF15A8
- <SYSTEM32>\DWRCSET.dll
- <SYSTEM32>\DWRCSh64.dlx
- <SYSTEM32>\DWRCK.dll
- <SYSTEM32>\DWRCS.exe
- <SYSTEM32>\DWRCSh32.dlx
- %WINDIR%\Installer\2fc7b.msi
- %TEMP%\~DFDEEE.tmp
- <SYSTEM32>\DWRCSI.dll
- <SYSTEM32>\DWRCST.exe
- <SYSTEM32>\Dwrcs.ini
- %WINDIR%\Installer\2fc77.msi
- %WINDIR%\Installer\MSI2.tmp
- %TEMP%\aut1.tmp
- %TEMP%\XP32.MSI
- %WINDIR%\Installer\MSI3.tmp
- %WINDIR%\Installer\MSI4.tmp
- C:\Config.Msi\2fc7a.rbs
- %WINDIR%\Installer\2fc79.ipi
- %TEMP%\~DF3832.tmp
- %WINDIR%\Installer\2fc77.msi
- C:\Config.Msi\2fc7a.rbs
- %TEMP%\XP32.MSI
- %WINDIR%\Installer\2fc79.ipi
- %WINDIR%\Installer\MSI4.tmp
- %WINDIR%\Installer\MSI2.tmp
- %TEMP%\aut1.tmp
- <SYSTEM32>\DWRCSh64.dlx
- %WINDIR%\Installer\MSI3.tmp
- из <SYSTEM32>\DWRCSh32.dlx в <SYSTEM32>\DWRCSh32.DLL
- 'localhost':6129 (6129 — порт, который по умолчанию использует служба DameWare Mini Remote Control)
- ClassName: 'Shell_TrayWnd' WindowName: ''