Техническая информация
- Регистрация службы драйвера в реестре: [<HKLM>\System\CurrentControlSet\Services\PortTalk] 'ImagePath' = 'System32\Drivers\PortTalk.sys'
- %TEMP%\rarsfx0\vcr40.ini
- %TEMP%\rarsfx0\victoria.exe
- %TEMP%\rarsfx0\porttalk.sys
- %TEMP%\rarsfx0\logs\eventlog.txt
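- %WINDIR%\syswow64\drivers\porttalk.sys (каталог отличается от System32\Drivers, указанного в 'ImagePath'; вероятно, это следствие перенаправления WOW64 для 32-разрядного процесса, поэтому при проверке системы стоит смотреть оба каталога)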
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\rarsfx0\victoria.exe'