Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe conf.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\r_server] 'ImagePath' = '"<SYSTEM32>\r_server.exe" /service'
- [<HKLM>\SYSTEM\ControlSet001\Services\r_server] 'Start' = '00000002'
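- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\r_server.exe' = '<SYSTEM32>\r_server.exe:*:Enabled:Microsof... [значение обрезано в исходном тексте; при поиске по реестру не следует полагаться на его окончание]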
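- Диспетчера задач (Taskmgr) [заголовок этого пункта в исходном тексте утрачен; родительный падеж указывает, что это элемент перечня системных утилит, на работу которых, по-видимому, влияет программа; какое именно действие выполняется, из текста не видно]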
- '<SYSTEM32>\wscript.exe' "<SYSTEM32>\run.vbs"
- '<SYSTEM32>\reg.exe' import reg.reg
- '<SYSTEM32>\r_server.exe' /start /silence
- '<SYSTEM32>\r_server.exe' /service
- '<SYSTEM32>\cmd.exe' /c ""<SYSTEM32>\run.cmd" "
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "<SYSTEM32>/r_server.exe" "Microsoft Suport" ENABLE
- '<SYSTEM32>\r_server.exe' /install /silence
- <SYSTEM32>\conf.exe
- <SYSTEM32>\run.cmd
- <SYSTEM32>\run.vbs
- <SYSTEM32>\reg.reg
- <SYSTEM32>\r_server.exe
- <SYSTEM32>\raddrv.dll
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''