Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\r_server] 'Start' = '00000002'
- %WINDIR%\system\smss.exe /start
- %WINDIR%\system\smss.exe /service
- C:\9615.exe
- %WINDIR%\system\smss.exe /install /silence
- %WINDIR%\regedit.exe /s smss.reg
- <SYSTEM32>\net1.exe stop sharedaccess
- <SYSTEM32>\wscript.exe "%WINDIR%\system\smss.vbs"
- <SYSTEM32>\net.exe stop sharedaccess
- %WINDIR%\system\raddrv.dll
- %WINDIR%\system\smss.exe
- %WINDIR%\system\AdmDll.dll
- C:\9615.exe
- %WINDIR%\system\smss.vbs
- %WINDIR%\system\smss.reg
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''