Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'version_start' = '%ALLUSERSPROFILE%\version.exe'
- '%TEMP%\_ir_sf7_temp_0\irsetup.exe' "__IRAFN:%PROGRAM_FILES%\temp\main.exe"
- '%PROGRAM_FILES%\temp\main.exe'
- '%PROGRAM_FILES%\temp\s.exe'
- %TEMP%\_ir_sf7_temp_0\irsetup.dat
- %TEMP%\_ir_sf7_temp_0\irsetup.exe
- %TEMP%\_ir_sf7_temp_0\IRIMG2.JPG
- %TEMP%\_ir_sf7_temp_0\IRIMG1.JPG
- %ALLUSERSPROFILE%\version.exe
- %PROGRAM_FILES%\temp\vss.rdu
- %PROGRAM_FILES%\temp\main.exe
- %PROGRAM_FILES%\temp\vsf.rdu
- %PROGRAM_FILES%\temp\s.exe
- %TEMP%\_ir_sf7_temp_0\irsetup.dat
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'