Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\r_server] 'Start' = '00000002' (значение 2 соответствует автоматическому запуску службы r_server при загрузке системы)
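- '<SYSTEM32>\administration_assembly\access_protocol\svchost.exe' /start (файл назван svchost.exe, но расположен во вложенном каталоге, а не непосредственно в <SYSTEM32>, где находится системный svchost.exe; это расхождение пути — удобный признак для обнаружения)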
- '<SYSTEM32>\administration_assembly\access_protocol\svchost.exe' /service
- '<SYSTEM32>\administration_assembly\access_protocol\svchost.exe' /install /silence
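- '<SYSTEM32>\administration_assembly\access_protocol\svchost.exe' /save /silence /pass:Jnmfi92309hj /port:4742 (судя по именам параметров, пароль и порт передаются открытым текстом в командной строке и, если ведётся аудит создания процессов, попадают в его журналы)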
- '%WINDIR%\regedit.exe' /s "<LS_APPDATA>\registry.reg"
- '<SYSTEM32>\reg.exe' import "<LS_APPDATA>\registry.reg"
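- '<SYSTEM32>\attrib.exe' +h <SYSTEM32>\administration_assembly /D /S (каталогу и, за счёт ключей /S и /D, вложенным файлам и папкам присваивается атрибут «скрытый»; при стандартных настройках Проводник их не отображает)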
- <SYSTEM32>\administration_assembly\access_protocol\svchost.exe
- %TEMP%\bt2283.bat
- <SYSTEM32>\administration_assembly\access_protocol\AdmDll.dll
- <SYSTEM32>\administration_assembly\access_protocol\raddrv.dll
- <LS_APPDATA>\AdmDll.dll
- <LS_APPDATA>\svchost.exe
- <LS_APPDATA>\registry.reg
- <LS_APPDATA>\raddrv.dll
- %TEMP%\bt2283.bat
- <LS_APPDATA>\raddrv.dll
- <LS_APPDATA>\registry.reg
- <LS_APPDATA>\AdmDll.dll
- %TEMP%\bt2283.bat
- <LS_APPDATA>\svchost.exe
- ClassName: 'RegEdit_RegEdit' WindowName: ''