Техническая информация
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\RZHelper.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\RemoteZilla.lnk
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\RZ2.3.7201403012306\RemoteZilla.exe' = '%PROGRAM_FILES%\RZ2.3.7201403012306\RemoteZilla.exe:*:Enabled:RemoteZilla-Server'
- '%TEMP%\nsa5.tmp\ns10.tmp' REG.EXE DELETE "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RZ_Service" /f
- '%TEMP%\nsa5.tmp\ns11.tmp' REG.EXE DELETE "SYSTEM\CurrentControlSet\Services\RZ_Service\Description" /f
- '%TEMP%\nsa5.tmp\nsE.tmp' REG.EXE DELETE "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RZ_Service\Security" /f
- '%TEMP%\nsa5.tmp\nsF.tmp' REG.EXE DELETE "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RZ_Service\Enum" /f
- '%PROGRAM_FILES%\RZ2.3.7201403012306\RemoteZilla.exe'
- '%PROGRAM_FILES%\RZ2.3.7201403012306\RZHelper.exe'
- '%TEMP%\nsa5.tmp\ns12.tmp' REG.EXE DELETE "SYSTEM\CurrentControlSet\Services\RZ_Service\DependOnService" /f
- '%TEMP%\nsa5.tmp\ns13.tmp' REG.EXE DELETE "SYSTEM\CurrentControlSet\Services\RZ_Service" /f
- '%TEMP%\nsa5.tmp\nsD.tmp' "netsh.exe" firewall add allowedprogram "%PROGRAM_FILES%\RZ2.3.7201403012306\RemoteZilla.exe" "RemoteZilla-Server" ENABLE
- '%TEMP%\nsa5.tmp\ns7.tmp' "sc.exe" stop RZ_CAD
- '%TEMP%\nsa5.tmp\ns8.tmp' "net.exe" stop RZ_Service
- '%TEMP%\nsl3.tmp\RZ_pca.owenjunkin.com_830.exe' /23712953202549422641_Junkin Enterprises/0
- '%TEMP%\nsa5.tmp\ns6.tmp' "sc.exe" stop RZ_Service
- '%TEMP%\nsa5.tmp\nsB.tmp' "sc.exe" delete RZ_CAD
- '%TEMP%\nsa5.tmp\nsC.tmp' "netsh.exe" firewall add allowedprogram "%PROGRAM_FILES%\RZ2.3.7201403012306\RemoteZilla.exe" "RemoteZilla-Server" ENABLE ALL
- '%TEMP%\nsa5.tmp\ns9.tmp' "net.exe" stop RZ_CAD
- '%TEMP%\nsa5.tmp\nsA.tmp' "sc.exe" delete RZ_Service
- '<SYSTEM32>\reg.exe' DELETE "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RZ_Service\Security" /f
- '<SYSTEM32>\reg.exe' DELETE "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RZ_Service\Enum" /f
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%PROGRAM_FILES%\RZ2.3.7201403012306\RemoteZilla.exe" "RemoteZilla-Server" ENABLE ALL
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%PROGRAM_FILES%\RZ2.3.7201403012306\RemoteZilla.exe" "RemoteZilla-Server" ENABLE
- '<SYSTEM32>\reg.exe' DELETE "SYSTEM\CurrentControlSet\Services\RZ_Service\DependOnService" /f
- '<SYSTEM32>\reg.exe' DELETE "SYSTEM\CurrentControlSet\Services\RZ_Service" /f
- '<SYSTEM32>\reg.exe' DELETE "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RZ_Service" /f
- '<SYSTEM32>\reg.exe' DELETE "SYSTEM\CurrentControlSet\Services\RZ_Service\Description" /f
- '<SYSTEM32>\net.exe' stop RZ_Service
- '<SYSTEM32>\net1.exe' stop RZ_Service
- '<SYSTEM32>\sc.exe' stop RZ_Service
- '<SYSTEM32>\sc.exe' stop RZ_CAD
- '<SYSTEM32>\sc.exe' delete RZ_Service
- '<SYSTEM32>\sc.exe' delete RZ_CAD
- '<SYSTEM32>\net.exe' stop RZ_CAD
- '<SYSTEM32>\net1.exe' stop RZ_CAD
- %TEMP%\nsl3.tmp\ToolBox\RZ2.3.7.txt
- %TEMP%\nsl3.tmp\Configs\RZ2.3.7.txt
- %PROGRAM_FILES%\RZ2.3.7201403012306\RZuninst.exe
- %PROGRAM_FILES%\RZ2.3.7201403012306\StopRZ.reg
- %TEMP%\nsa5.tmp\nsD.tmp
- %TEMP%\nsa5.tmp\nsC.tmp
- %PROGRAM_FILES%\RZ2.3.7201403012306\UnRZ.txt
- %PROGRAM_FILES%\RZ2.3.7201403012306\Flag.txt
- %PROGRAM_FILES%\RZ2.3.7201403012306\RZ.txt
- %TEMP%\nsa5.tmp\rzUninst.exe
- %TEMP%\nsa5.tmp\cad.exe
- %TEMP%\nsa5.tmp\RemoteZilla.exe
- %HOMEPATH%\Desktop\Stop Remote Support.lnk
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\2549422641[1].txt
- %TEMP%\nsa5.tmp\ns13.tmp
- %TEMP%\nsa5.tmp\ns12.tmp
- %PROGRAM_FILES%\RZ2.3.7201403012306\ToolBox\RZHelper.lnk
- %TEMP%\MSRC4Plugin-tmp.d1
- %TEMP%\2549422641.txt
- %TEMP%\nsa5.tmp\nsE.tmp
- %PROGRAM_FILES%\RZ2.3.7201403012306\ToolBox\RemoteZilla.lnk
- %HOMEPATH%\Desktop\ToolBox 2.3.7.0.lnk
- %TEMP%\nsa5.tmp\ns11.tmp
- %TEMP%\nsa5.tmp\ns10.tmp
- %TEMP%\nsa5.tmp\nsF.tmp
- %TEMP%\nsl3.tmp\Blank.bmp
- %TEMP%\nsl3.tmp\Icon2.ico
- %TEMP%\nsl3.tmp\Icon1.ico
- %TEMP%\nsl3.tmp\rc4.dat
- %TEMP%\nsl3.tmp\MSRC4Plugin.dsm
- %TEMP%\nsl3.tmp\Ring.wav
- %TEMP%\nsl3.tmp\rzHelper.exe
- %TEMP%\nsl3.tmp\RZ_pca.owenjunkin.com_830.exe
- %TEMP%\nsb2.tmp
- %TEMP%\nsl3.tmp\Logo.bmp
- %TEMP%\nsl3.tmp\Splash.bmp
- %TEMP%\nsl3.tmp\RZ.txt
- %TEMP%\nsl3.tmp\Splash.dll
- %TEMP%\nsa5.tmp\ns8.tmp
- %TEMP%\nsa5.tmp\ns7.tmp
- %TEMP%\nsa5.tmp\ns6.tmp
- %TEMP%\nsa5.tmp\nsB.tmp
- %TEMP%\nsa5.tmp\nsA.tmp
- %TEMP%\nsa5.tmp\ns9.tmp
- %HOMEPATH%\Start Menu\Programs\Administrative Tools\desktop.ini
- %PROGRAM_FILES%\RZ2.3.7201403012306\Advantig.txt
- %TEMP%\nsisdt.dll
- %TEMP%\nsa5.tmp\nsExec.dll
- %TEMP%\nsl3.tmp\RZ-Done.txt
- %HOMEPATH%\My Documents\My Videos\Desktop.ini
- %HOMEPATH%\My Documents\My Videos\Desktop.ini
- %TEMP%\nsa5.tmp\nsE.tmp
- %TEMP%\nsa5.tmp\nsF.tmp
- %TEMP%\nsa5.tmp\nsD.tmp
- %TEMP%\nsl3.tmp\RZ-Done.txt
- %TEMP%\nsa5.tmp\nsC.tmp
- %TEMP%\nsa5.tmp\ns10.tmp
- %TEMP%\nsa5.tmp\cad.exe
- %TEMP%\nsa5.tmp\nsExec.dll
- %TEMP%\nsa5.tmp\ns13.tmp
- %TEMP%\nsa5.tmp\ns11.tmp
- %TEMP%\nsa5.tmp\ns12.tmp
- %TEMP%\nsa5.tmp\ns7.tmp
- %TEMP%\nsa5.tmp\ns8.tmp
- %TEMP%\nsa5.tmp\ns6.tmp
- %TEMP%\nsisdt.dll
- %PROGRAM_FILES%\RZ2.3.7201403012306\Advantig.txt
- %TEMP%\nsa5.tmp\ns9.tmp
- %PROGRAM_FILES%\RZ2.3.7201403012306\UnRZ.txt
- %PROGRAM_FILES%\RZ2.3.7201403012306\Flag.txt
- %PROGRAM_FILES%\RZ2.3.7201403012306\RZ.txt
- %TEMP%\nsa5.tmp\nsA.tmp
- %TEMP%\nsa5.tmp\nsB.tmp
- %TEMP%\nsl3.tmp\MSRC4Plugin.dsm в %PROGRAM_FILES%\RZ2.3.7201403012306\MSRC4Plugin.dsm
- %TEMP%\nsl3.tmp\rzHelper.exe в %PROGRAM_FILES%\RZ2.3.7201403012306\RZHelper.exe
- %TEMP%\nsl3.tmp\rc4.dat в %PROGRAM_FILES%\RZ2.3.7201403012306\rc4.dat
- %TEMP%\nsa5.tmp\RemoteZilla.exe в %PROGRAM_FILES%\RZ2.3.7201403012306\RemoteZilla.exe
- %TEMP%\nsa5.tmp\rzUninst.exe в %PROGRAM_FILES%\RZ2.3.7201403012306\Uninst.exe
- %TEMP%\nsl3.tmp\RZ.txt в %PROGRAM_FILES%\RZ2.3.7201403012306\RZ.txt
- %TEMP%\nsl3.tmp\Icon1.ico в %PROGRAM_FILES%\RZ2.3.7201403012306\icon1.ico
- %TEMP%\nsl3.tmp\Logo.bmp в %PROGRAM_FILES%\RZ2.3.7201403012306\Logo.bmp
- %TEMP%\nsl3.tmp\Icon2.ico в %PROGRAM_FILES%\RZ2.3.7201403012306\icon2.ico
- %TEMP%\nsl3.tmp\Ring.wav в %PROGRAM_FILES%\RZ2.3.7201403012306\Ring.wav
- %TEMP%\nsl3.tmp\Blank.bmp в %PROGRAM_FILES%\RZ2.3.7201403012306\Blank.bmp
- 'pc#.##enjunkin.com':830
- 'www.re###ezilla.net':80
- 'localhost':1038
- www.re###ezilla.net/unreg/2549422641.txt
- DNS ASK pc#.##enjunkin.com
- DNS ASK www.re###ezilla.net
- ClassName: 'RemoteZilla Tray Icon' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'SysListView32' WindowName: '(null)'
- ClassName: 'RemoteZilla desktop sink' WindowName: '(null)'
- ClassName: '#32770' WindowName: '(null)'