Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\rdremote_service] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\rdremote_service] 'ImagePath' = '"%ProgramFiles%\rdremote\rdremote.exe" -service'
- %TEMP%\7zs1.tmp\rc4.key
- %TEMP%\7zs1.tmp\installservice2.bat
- %TEMP%\7zs1.tmp\remote.ini
- %TEMP%\7zs1.tmp\msrc4plugin.dsm
- %TEMP%\7zs1.tmp\rdremote.exe
- %TEMP%\7zs1.tmp\logging.dll
- %TEMP%\7zs1.tmp\logmessages.dll
- %TEMP%\7zs1.tmp\vnchooks.dll
- %ProgramFiles%\rdremote\rdremote.exe
- %ProgramFiles%\rdremote\logging.dll
- %ProgramFiles%\rdremote\logmessages.dll
- %ProgramFiles%\rdremote\msrc4plugin.dsm
- %ProgramFiles%\rdremote\rc4.key
- %ProgramFiles%\rdremote\vnchooks.dll
- %ProgramFiles%\rdremote\a.vbs
- 'localhost':5900
- '%ProgramFiles%\rdremote\rdremote.exe' -install
- '%ProgramFiles%\rdremote\rdremote.exe' -service
- '<SYSTEM32>\wscript.exe' "%ProgramFiles%\rdremote\a.vbs"
- '%ProgramFiles%\rdremote\rdremote.exe' -service_run
- '<SYSTEM32>\net.exe' start "rdremote_service"' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c .\installService2.bat
- '<SYSTEM32>\net.exe' start "rdremote_service"
- '<SYSTEM32>\net1.exe' start "rdremote_service"
- '<SYSTEM32>\sc.exe' failure "rdremote_service" reset= 300 actions= restart/0/restart/0/restart/0