Техническая информация
Запись службы в реестре (значение 'Start' = 2 соответствует автоматическому запуску службы):
- [<HKLM>\SYSTEM\ControlSet001\Services\r_server] 'Start' = '00000002'
Запускаемые процессы и их командные строки:
- %WINDIR%\r_server.exe /service
- %WINDIR%\r_server.exe /install /silence
- <SYSTEM32>\attrib.exe +h +s admdll.dll
- <SYSTEM32>\net1.exe start r_server
- <SYSTEM32>\attrib.exe +h +s r_server.exe
- <SYSTEM32>\alg.exe
- <SYSTEM32>\net1.exe start sharedaccess
- <SYSTEM32>\net.exe stop sharedaccess
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\radmin.bat" "
- <SYSTEM32>\net1.exe stop sharedaccess
- %WINDIR%\regedit.exe /s rs.reg
- %WINDIR%\regedit.exe /s port.reg
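Файлы в %WINDIR%, с которыми выполняются операции (заголовки подразделов в этом фрагменте не сохранились, поэтому часть путей повторяется):
- %WINDIR%\r_server.exe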
- %WINDIR%\port.reg
- %WINDIR%\raddrv.dll
- %WINDIR%\radmin.bat
- %WINDIR%\rs.reg
- %WINDIR%\load.vbs
- %WINDIR%\AdmDll.dll
- %WINDIR%\r_server.exe
- %WINDIR%\AdmDll.dll
- %WINDIR%\rs.reg
Окна (имя класса и заголовок):
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''