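Техническая информация
Примечание: символы «#» и «*» в адресах и в пароле ниже, по всей видимости, являются маскировкой из исходного описания. Такие индикаторы неполны, и использовать их для точного сопоставления нельзя.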
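Изменения в реестре (значение 'Start' = 2 задаёт автоматический запуск службы при загрузке системы):
- [<HKLM>\SYSTEM\ControlSet001\Services\r_server] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\TermService] 'Start' = '00000002'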
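Командные строки процессов (судя по ключам, server.exe устанавливается без вывода окон, после чего ему задаются пароль и порт 3390):
- '%HOMEPATH%\server.exe' /install /silence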
- '%HOMEPATH%\server.exe'
- '<Текущая директория>\admin.exe'
- '%HOMEPATH%\server.exe' /pass:af6sx9** /port:3390 /save /silence
- '%WINDIR%\regedit.exe' /S "sn.reg"
- '<SYSTEM32>\cmd.exe' /c ""%HOMEPATH%\setup.bat" "
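Затронутые файлы (часть путей повторяется; вероятно, здесь слились списки из разных разделов исходного отчёта, заголовки которых утрачены):
- %HOMEPATH%\setup.bat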
- %HOMEPATH%\sn.reg
- <Текущая директория>\admin.exe
- %HOMEPATH%\AdmDll.dll
- %HOMEPATH%\server.exe
- %HOMEPATH%\AdmDll.dll
- %HOMEPATH%\sn.reg
Сетевые подключения (узел:порт; 139 и 445 — NetBIOS/SMB, 1433 — MS SQL Server):
- 'fa#####3.a71.zgsj.net':80
- 'if####.ip138.com':80
- '10.##2.129.249':9001
- '22#.#31.138.47':1433
- '22#.#31.138.47':445
- '22#.#31.138.47':139
Запрашиваемые по HTTP адреса:
- if####.ip138.com/ic.asp
- fa#####3.a71.zgsj.net/ipnew.asp
- DNS ASK if####.ip138.com
- DNS ASK fa#####3.a71.zgsj.net
Окна (класс и заголовок):
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'