Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] '*LogMeInRescue_4290789117' = '"<LS_APPDATA>\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_rescue.exe" -runonce reboot'
- '<LS_APPDATA>\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_rescue.exe'
- <SYSTEM32>\Microsoft\Protect\S-1-5-18\Preferred
- <SYSTEM32>\Microsoft\Protect\S-1-5-18\a8a89d1f-62ce-4f25-8cfe-4ed79565f5d3
- <LS_APPDATA>\LogMeIn Rescue Applet\LMIR0001.tmp\rescue.ico
- <LS_APPDATA>\LogMeIn Rescue Applet\LMIR0001.tmp\rescue.info
- <LS_APPDATA>\LogMeIn Rescue Applet\LMIR0001.tmp\chatlog.dat
- <LS_APPDATA>\LogMeIn Rescue Applet\LMIR0001.tmp\session.log
- <LS_APPDATA>\LogMeIn Rescue Applet\LMIR0001.tmp\rescue.log
- <LS_APPDATA>\LogMeIn Rescue Applet\LMIR0001.tmp\RescueWinRTLib.dll
- <LS_APPDATA>\LogMeIn Rescue Applet\LMIR0001.tmp\rahook.dll
- <LS_APPDATA>\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_rescue.exe
- <LS_APPDATA>\LogMeIn Rescue Applet\LMIR0001.tmp\ra64app.exe
- <LS_APPDATA>\LogMeIn Rescue Applet\LMIR0001.tmp\logo.bmp
- <LS_APPDATA>\LogMeIn Rescue Applet\LMIR0001.tmp\params.txt
- <LS_APPDATA>\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe
- 'se####.###meinrescue-enterprise.com':443
- 'se####.###meinrescue-enterprise.com':80
- se####.###meinrescue-enterprise.com/myrahost/list.aspx?we################
- DNS ASK se####.###meinrescue-enterprise.com
- ClassName: 'Shell_TrayWnd' WindowName: ''