Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'rs32net' = '<SYSTEM32>\rs32net.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rs32net' = '<SYSTEM32>\rs32net.exe'
- <SYSTEM32>\rs32net.exe /n
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\rs32net.exe
- '20#.#6.122.238':80
- 20#.#6.122.238/40E800081441317524E009436C0000014166000000007600000168EB0005301D4DF9A1
- ClassName: 'Indicator' WindowName: ''