Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\_snapman] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\_snapman] 'ImagePath' = 'system32\drivers\_snapman.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\_fltsrv] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\_fltsrv] 'ImagePath' = 'system32\drivers\_fltsrv.sys'
- '%TEMP%\ATIH2017NG_v6209\TrueImage.exe'
- '%TEMP%\ATIH2017NG_v6209\Launcher.exe'
- %TEMP%\ATIH2017NG_v6209\snapman.sys
- %TEMP%\ATIH2017NG_v6209\snapman64.sys
- %TEMP%\ATIH2017NG_v6209\thread_pool.dll
- %TEMP%\ATIH2017NG_v6209\resource.dll
- %TEMP%\ATIH2017NG_v6209\rpc_client.dll
- %TEMP%\ATIH2017NG_v6209\snapapi.dll
- %TEMP%\ATIH2017NG_v6209\tib_api.dll
- %TEMP%\ATIH2017NG_v6209\vccorlib120.dll
- <DRIVERS>\_fltsrv.sys
- <DRIVERS>\_snapman.sys
- %TEMP%\ATIH2017NG_v6209\tib_mounter.dll
- %TEMP%\ATIH2017NG_v6209\TrueImage.exe
- %TEMP%\ATIH2017NG_v6209\ulxmlrpcpp.dll
- %TEMP%\ATIH2017NG_v6209\oem_doc_source.dll
- %TEMP%\ATIH2017NG_v6209\fox.dll
- %TEMP%\ATIH2017NG_v6209\icu38.dll
- %TEMP%\ATIH2017NG_v6209\icudt38.dll
- %TEMP%\ATIH2017NG_v6209\expat.dll
- %TEMP%\ATIH2017NG_v6209\fltsrv.sys
- %TEMP%\ATIH2017NG_v6209\fltsrv64.sys
- %TEMP%\ATIH2017NG_v6209\kb_link.dll
- %TEMP%\ATIH2017NG_v6209\logging.dll
- %TEMP%\ATIH2017NG_v6209\msvcp120.dll
- %TEMP%\ATIH2017NG_v6209\msvcr120.dll
- %TEMP%\ATIH2017NG_v6209\Launcher.exe
- %TEMP%\ATIH2017NG_v6209\libcrypto10.dll
- %TEMP%\ATIH2017NG_v6209\libssl10.dll
- <DRIVERS>\_snapman.sys
- <DRIVERS>\_fltsrv.sys
- ClassName: 'Shell_TrayWnd' WindowName: ''