Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'IRPF' = '<SYSTEM32>\IRPF.EXE'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'IRPF' = '<SYSTEM32>\IRPF.EXE'
- <SYSTEM32>\IRPF.EXE <SYSTEM32>\TT500HP.EXE
- <SYSTEM32>\TT500HP.exe
- <SYSTEM32>\IRPF.EXE
- <SYSTEM32>\MSWINSCK.OCX
- <SYSTEM32>\TT500HP.exe
- <SYSTEM32>\IRPF.EXE
- %TEMP%\~DF3760.tmp
- <SYSTEM32>\TT500HP.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''