Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\PortTalk] 'ImagePath' = 'System32\Drivers\PortTalk.sys'
- %TEMP%\RarSFX0\Victoria.exe
- %TEMP%\RarSFX0\porttalk.sys
- %TEMP%\RarSFX0\vcr40.ini
- %TEMP%\RarSFX0\LOGS\eventlog.txt
- <DRIVERS>\PortTalk.sys
- %TEMP%\RarSFX0\LOGS\Passp_XXware Xirtual IDE Hard Drive_11000000000000000001.bin
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\RarSFX0\Victoria.exe'