Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\r_server] 'Start' = '00000002'
- '%WINDIR%\system\r_server.exe' /service
- '%WINDIR%\system\r_server.exe' /install /silence
- '%WINDIR%\system\bat.EXE'
- '<SYSTEM32>\net1.exe' start r_server
- '%WINDIR%\regedit.exe' -s %WINDIR%system reg.reg
- %WINDIR%\system\reg.reg
- %TEMP%\bt2108.bat
- %WINDIR%\system\raddrv.dll
- %WINDIR%\system\AdmDll.dll
- %WINDIR%\system\bat.EXE
- %WINDIR%\system\r_server.exe
- %TEMP%\bt2108.bat
- %TEMP%\bt2108.bat
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'