Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\r_server] 'Start' = '00000002'
- '%WINDIR%\svchost.exe' /service
- '%WINDIR%\svchost.exe' /start
- '%WINDIR%\svchost.exe' /install /silence
- '%WINDIR%\regedit.exe' /s <LS_APPDATA>\settings.reg
- %WINDIR%\admdll.dll
- %WINDIR%\svchost.exe
- %WINDIR%\raddrv.dll
- %TEMP%\bt8752.bat
- <LS_APPDATA>\raddrv.dll
- <LS_APPDATA>\admdll.dll
- <LS_APPDATA>\svchost.exe
- <LS_APPDATA>\settings.reg
- %TEMP%\bt8752.bat
- <LS_APPDATA>\settings.reg
- <LS_APPDATA>\svchost.exe
- <LS_APPDATA>\raddrv.dll
- %TEMP%\bt8752.bat
- <LS_APPDATA>\admdll.dll
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'