Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] '_1' = '<SYSTEM32>\services.com'
- '%WINDIR%\inf\4.0.0.27-3-beta.exe'
- '<SYSTEM32>\services.com' %WINDIR%\inf\4.0.0.27-3-beta.exe
- '%CommonProgramFiles%\Microsoft Shared\MSInfo\IEINFOS.ini'
- '%WINDIR%\inf\LineH_Pack_4.0.0.27-3-beta.exe'
- Handler library for all processes: <SYSTEM32>\ntoskernal.log
- ClassName: 'AVP.Product_Notification' WindowName: '(null)'
- %WINDIR%\inf\4.0.0.27-3-beta.exe
- <SYSTEM32>\ntoskernal.log
- %CommonProgramFiles%\Microsoft Shared\MSInfo\IEINFOS.ini
- %WINDIR%\inf\LineH_Pack_4.0.0.27-3-beta.exe
- %CommonProgramFiles%\Microsoft Shared\MSInfo\IEINFOS.ini
- C:\_default.pif to <SYSTEM32>\services.com
- %WINDIR%\inf\4.0.0.27-3-beta.exe to C:\_default.pif
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '?' WindowName: '(null)'