Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\RSVP] 'Start' = '00000002' — значение 2 соответствует автоматическому запуску службы при загрузке системы
- <SYSTEM32>\rsvp.exe
- '<SYSTEM32>\net.exe' stop RSVP
- '<SYSTEM32>\net.exe' stop cryptsvc — остановка службы криптографии Windows (Cryptographic Services)
- C:\Documents and Settings\LocalService\Local Settings\ok.exe
- C:\Documents and Settings\LocalService\Local Settings\emptyregdberb.dat
- C:\Documents and Settings\LocalService\Local Settings\rsvp.exe
- C:\Documents and Settings\LocalService\Local Settings\fuck.EXE
- %TEMP%\bt1053.bat
- <SYSTEM32>\emptyregdberb.dat
- %TEMP%\bt1053.bat
- ClassName: 'EDIT' WindowName: ''
- 'C:\Documents and Settings\LocalService\Local Settings\ok.exe' fuck.exe,1,1
- 'C:\Documents and Settings\LocalService\Local Settings\fuck.EXE'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\bt1053.bat
- '<SYSTEM32>\net1.exe' stop RSVP
- '<SYSTEM32>\sc.exe' config RSVP start= auto
- '<SYSTEM32>\net1.exe' stop cryptsvc
- '<SYSTEM32>\cmd.exe' /c tasklist/m rsvpperf.dll|find "rsvpperf.dll"
- '<SYSTEM32>\tasklist.exe' /m rsvpperf.dll
- '<SYSTEM32>\find.exe' "rsvpperf.dll"