Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\r_server] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
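- '%WINDIR%\Help\svchost.exe' /service (нестандартный путь: штатный svchost.exe Windows расположен в <SYSTEM32>, поэтому одноимённый файл в %WINDIR%\Help, вероятно, маскируется под системный процесс)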
- '%WINDIR%\Help\svchost.exe' /start
- '%WINDIR%\Help\svchost.exe' /install /silence
- '<SYSTEM32>\reg.exe' import 111.reg
- '%WINDIR%\regedit.exe' /s 111.reg
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\RAdmin" /f
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\111.bat" "
- '<SYSTEM32>\reg.exe' export "HKEY_LOCAL_MACHINE\SYSTEM\RAdmin" 123.reg
- %WINDIR%\Help\raddrv.dll
- %WINDIR%\Help\svchost.exe
- %WINDIR%\Help\admdll.dll
- %WINDIR%\svchost.exe
- %WINDIR%\111.reg
- %WINDIR%\111.bat
- %WINDIR%\raddrv.dll
- %WINDIR%\AdmDll.dll
- %WINDIR%\svchost.exe
- %WINDIR%\111.reg
- %WINDIR%\AdmDll.dll
- %WINDIR%\raddrv.dll
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''