Техническая информация
- '%TEMP%\RarSFX0\ShowWindowsAdd.exe'
- '<SYSTEM32>\rundll32.exe' Shell32.dll,Control_RunDLL Appwiz.cpl,@0,2
- '<SYSTEM32>\sysocmgr.exe' /y /i:<SYSTEM32>\sysoc.inf
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX0\Add_msmq_win7.bat" "
- '<SYSTEM32>\control.exe' Appwiz.cpl,@0,2
- [<HKLM>\Software\Microsoft\MessengerService]
- %TEMP%\RarSFX0\ShowWindowsAdd.exe
- %TEMP%\RarSFX0\Add_msmq_win7.bat
- %TEMP%\RarSFX0\ShowWindowsAdd.exe
- %TEMP%\RarSFX0\Add_msmq_win7.bat
- %WINDIR%\imsins.BAK
- ClassName: 'MS_WINHELP' WindowName: '(null)'
- ClassName: 'STUFF-BOOT' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'