Техническая информация
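- [<HKLM>\SYSTEM\ControlSet001\Services\dmsrv ] 'Start' = '00000002'
  (значение Start = 2 задаёт автоматический запуск службы при загрузке системы; имя службы, по-видимому, оканчивается пробелом — так же оно записано ниже в команде net1.exe start, поэтому при поиске стоит учитывать оба варианта написания)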
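- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\Ldmgr.exe' = '<SYSTEM32>\Ldmgr.exe:*:enabled:@xpsp2res.dll,-22018'
  (запись в списке разрешённых приложений стандартного профиля брандмауэра Windows: для Ldmgr.exe исключение включено — enabled — без ограничения по адресам — «*»)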
- '<SYSTEM32>\Ldmgr.exe'
- '<SYSTEM32>\Ldmgr.exe' /i
- '<SYSTEM32>\net1.exe' start "dmsrv "
- '%WINDIR%\regedit.exe' /s winxp.reg
- '<SYSTEM32>\cmd.exe' /c ""<SYSTEM32>\install.bat" "
- '%WINDIR%\regedit.exe' /s settings.reg
- <SYSTEM32>\CatRoot2\dbrr.txt
- <SYSTEM32>\wpamdmn.exe
- <SYSTEM32>\wmasdnmod.exe
- <DRIVERS>\win.sys
- <SYSTEM32>\CatRoot2\res4.log
- <SYSTEM32>\CatRoot2\res3.log
- <SYSTEM32>\winxp.reg
- <SYSTEM32>\settings.reg
- <SYSTEM32>\Ldmgr.exe
- <SYSTEM32>\install.bat
- <SYSTEM32>\winipssec.dll
- <SYSTEM32>\vfpodbcd.ocx
- <SYSTEM32>\umandllg.dll
- <SYSTEM32>\winxp.reg
- <SYSTEM32>\settings.reg
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''