Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\rong] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\rong] 'ImagePath' = '<SYSTEM32>\rong.exe -service'
- 'rong' <SYSTEM32>\rong.exe -service
- %WINDIR%\syswow64\rong.exe
- %WINDIR%\syswow64\rong.exe
- %WINDIR%\syswow64\tmp.bat
- %WINDIR%\syswow64\rong.dat
- ClassName: '' WindowName: 'Ö÷¶¯·ÀÓù ÐÅÏ¢'
- ClassName: '' WindowName: 'Ö÷¶¯·ÀÓù ¾¯±¨'
- ClassName: '' WindowName: 'Ö÷¶¯·ÀÓù ¾¯¸æ'
- ClassName: '' WindowName: 'Îļþ±£»¤ ¾¯¸æ'
- ClassName: '' WindowName: '¿¨°Í˹»ù»¥ÁªÍø°²È«Ì××° 6.0'
- ClassName: '' WindowName: '΢µãÖ÷¶¯·ÀÓùÈГВјГѕ '
- '%WINDIR%\syswow64\rong.exe'
- '%WINDIR%\syswow64\rong.exe' -service
- '%WINDIR%\syswow64\rong.exe' ' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\tmp.bat' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\tmp.bat