Техническая информация
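Записи автозапуска в ветках Run реестра. Имена параметров ('dipserver', 'Mail.Ru') не соответствуют запускаемым файлам, а подлинный lsass.exe находится в <SYSTEM32>, а не в %WINDIR%\122:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'dipserver' = '%WINDIR%\122\lsass.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Mail.Ru' = '%PROGRAM_FILES%\Remote Office Manager - Server\ROMServer.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Mail.Ru' = '%PROGRAM_FILES%\Remote Office Manager - Server\ROMServer.exe'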
- %WINDIR%\122\lsass.exe
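- %WINDIR%\122\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Remote Office Manager\v3.4\Config" /v HideTrayIcon /t REG_DWORD /d 1 /f
  (судя по названию параметра, HideTrayIcon = 1 скрывает значок Remote Office Manager в области уведомлений; команду выполняет копия reg.exe из %WINDIR%\122, а не из <SYSTEM32>)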
- <SYSTEM32>\msiexec.exe /V
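- <SYSTEM32>\msiexec.exe /i "romserver4.1.2ru.msi" /quiet /norestart
  (ключи /quiet и /norestart — установка MSI-пакета без отображения интерфейса и без перезагрузки, то есть незаметно для пользователя)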
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\122\1.bat" "
- %WINDIR%\122\romserver4.1.2ru.msi
- %WINDIR%\122\reg.exe
- %TEMP%\syspage.dll
- %PROGRAM_FILES%\reg\reg\1.reg
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- %WINDIR%\122\lsass.exe
- %WINDIR%\122\1.bat
- %TEMP%\syspage.dll
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- ClassName: 'TAppBuilder' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''