Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\NPClSrv] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\NPClSrv.exe' = '%PROGRAM_FILES%\NPClSrv.exe:*:Enabled:NPAV Reports'
- %PROGRAM_FILES%\NPAVAdminClient\NpClSrv.exe
- <SYSTEM32>\net1.exe SHARE NPAV /DELETE
- %PROGRAM_FILES%\NPAVAdminClient\WEBSEC32.EXE
- %PROGRAM_FILES%\NPAVAdminClient\NpClInst.exe
- %PROGRAM_FILES%\NPAVAdminClient\ProcessCmd.dll
- %PROGRAM_FILES%\NPAVAdminClient\WebSec64.exe
- %PROGRAM_FILES%\NPAVAdminClient\NPClientDB.dat
- C:\Zv\ProcPid.Log
- C:\AgentInstall.log
- C:\NPAVCLINST.log
- C:\Zv\_lstnCmd.log
- %PROGRAM_FILES%\NPAVAdminClient\RegMgmt.dll
- %TEMP%\AgentInstaller\AgentInstaller\NpClInst.zip
- %PROGRAM_FILES%\NPAVAdminClient\FileSndr.dll
- %TEMP%\AgentInstaller.zip
- %TEMP%\AgentInstaller\AgentInstaller\NpClInst.exe
- %PROGRAM_FILES%\NPAVAdminClient\LstnCmd.dll
- %PROGRAM_FILES%\NPAVAdminClient\RptParse.dll
- %PROGRAM_FILES%\NPAVAdminClient\NpClSrv.exe
- %PROGRAM_FILES%\NPAVAdminClient\RegSilen.exe
- %PROGRAM_FILES%\NPAVAdminClient\GenSender.dll
- C:\Zv\ProcPid.Log
- 'any':0
- ClassName: 'Shell_TrayWnd' WindowName: ''