Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Svchost.exe' = '%APPDATA%\Svchost.exe'
- %PROGRAM_FILES%\Company\NewProduct\Crypted.exe
- <SYSTEM32>\rundll32.exe <SYSTEM32>\shell32.dll,OpenAs_RunDLL "%TEMP%\No"
- %TEMP%\~tatxemh.tmp
- %TEMP%\~syzlwtj.tmp
- %TEMP%\aut1.tmp
- %TEMP%\wpgzdmr
- %APPDATA%\Svchost.exe
- %TEMP%\No
- %TEMP%\~gabdpap.tmp
- %TEMP%\~uytcrdy.tmp
- %TEMP%\$inst\5.tmp
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\4.tmp
- %PROGRAM_FILES%\Company\NewProduct\Uninstall.exe
- %PROGRAM_FILES%\Company\NewProduct\Uninstall.ini
- %PROGRAM_FILES%\Company\NewProduct\679.pdf
- %PROGRAM_FILES%\Company\NewProduct\Crypted.exe
- %APPDATA%\Svchost.exe
- %TEMP%\~tatxemh.tmp
- %TEMP%\wpgzdmr
- %TEMP%\~syzlwtj.tmp
- %TEMP%\~uytcrdy.tmp
- %TEMP%\~gabdpap.tmp
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\4.tmp
- %TEMP%\aut1.tmp
- %TEMP%\$inst\5.tmp
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''