Техническая информация
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\WinLogon] 'GinaDLL' = 'VBoxGINA.dll'
- %WINDIR%\win.ini
- notepad.exe
- %TEMP%\nsu1129.tmp
- %TEMP%\assists.dll
- %TEMP%\counterfeit
- %TEMP%\system.dll
- %TEMP%\nsk1188.tmp\nsexec.dll
- %APPDATA%\query\dx7light12.gif
- %APPDATA%\query\down-background-rtl.png
- %TEMP%\notmodrewrite\fe107.gif
- %TEMP%\notmodrewrite\aboutdebugging.dtd
- %TEMP%\notmodrewrite\rtc-stk17ta8.ko
- %TEMP%\notmodrewrite\xdcmake.exe
- %ProgramFiles%\$%vbox_vendor_short%\virtualbox guest additions\giftd.conf
- %TEMP%\password1\uploaded\distsql.hxc
- %TEMP%\password1\uploaded\manifest.xml
- %TEMP%\password1\uploaded\aspnetwp.exe
- %TEMP%\password1\uploaded\httpsecurity7.gif
- %TEMP%\printer-long.ti1
- %TEMP%\vslauncher.exe
- %TEMP%\opldecode
- %TEMP%\example-service-no-introspect.pl
- %TEMP%\principalobjectaccess.xml
- %TEMP%\triggeredevent.h
- %TEMP%\6.opends60.dll
- %TEMP%\password1\uploaded\commode.c
- %TEMP%\notepad.exe
- '%TEMP%\notepad.exe'