Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\RsScanSrv] 'Start' = '00000002'
- <SYSTEM32>\sc.exe create RsScanSrv type= own start= auto binpath= "C:\Rising\Rav\ScanFrm.exe" displayname= "Rising Scan Service" obj= LocalSystem
- <SYSTEM32>\net1.exe start RsScanSrv
- <SYSTEM32>\net1.exe start RsNTGDI
- <SYSTEM32>\cmd.exe /c ""%TEMP%\ CMD8AC6.CMD""
- %WINDIR%\regedit.exe /s rav2009.reg
- %TEMP%\ CMD8AC6.CMD
- %TEMP%\ CMD8AC6.CMD
- ClassName: 'RegEdit_RegEdit' WindowName: ''