Техническая информация
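- [<HKLM>\System\CurrentControlSet\Services\PortTalk] 'Start' = '00000002' (значение 2 — автоматический запуск службы при старте системы)
- [<HKLM>\System\CurrentControlSet\Services\PortTalk] 'ImagePath' = '%TEMP%\2k10\Victoria\PortTalk.sys' (образ драйвера службы расположен во временном каталоге)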
- %TEMP%\2k10\victoria\vcr.bat
- %TEMP%\2k10\victoria\vichlp.htm
- %TEMP%\2k10\victoria\изменения.txt
- %TEMP%\2k10\victoria\vcr40.ini
- %TEMP%\2k10\victoria\instdrvw.exe
- %TEMP%\2k10\victoria\vcr.exe
- %TEMP%\2k10\victoria\porttalk.sys
- %WINDIR%\temp\uddce05.tmp
- %TEMP%\2k10\victoria\logs\eventlog.txt
- %TEMP%\2k10\victoria\logs\passp_western digital hdd_aa9wro3ey297.bin
- %WINDIR%\temp\uddce05.tmp
- '%TEMP%\2k10\victoria\instdrvw.exe' PortTalk "%TEMP%\2k10\Victoria\PortTalk.sys"
- '%TEMP%\2k10\victoria\vcr.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\2k10\Victoria\vcr.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\2k10\Victoria\vcr.bat" "
- '%WINDIR%\syswow64\reg.exe' QUERY HKLM\SYSTEM\ControlSet001\Services\PortTalk