Техническая информация
- '%TEMP%\RarSFX0\install.exe'
- '<SYSTEM32>\attrib.exe' <SYSTEM32>\r_server.exe +s +r +a +h (attrib выставляет файлу атрибуты «системный», «только чтение», «архивный» и «скрытый»)
- '<SYSTEM32>\netsh.exe' firewall set opmode disable (команда отключает брандмауэр Windows)
- '<SYSTEM32>\attrib.exe' <SYSTEM32>\raddrv.dll +s +r +a +h
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\install RarSFX0.bat" "
- '<SYSTEM32>\attrib.exe' <SYSTEM32>\AdmDll.dll +s +r +a +h
- <SYSTEM32>\AdmDll.dll
- %TEMP%\1.tmp\install RarSFX0.bat
- <SYSTEM32>\r_server.exe
- <SYSTEM32>\raddrv.dll
- %TEMP%\RarSFX0\install.exe
- %TEMP%\RarSFX0\raddrv.dll
- %TEMP%\RarSFX0\r_server.exe
- %TEMP%\RarSFX0\AdmDll.dll
- %TEMP%\RarSFX0\RAdminNT.reg
- <SYSTEM32>\r_server.exe
- <SYSTEM32>\raddrv.dll
- <SYSTEM32>\AdmDll.dll
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'