Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\PortTalk] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\PortTalk] 'ImagePath' = '%TEMP%\2k10\Victoria\PortTalk.sys'
- 'PortTalk' %TEMP%\2k10\Victoria\PortTalk.sys
- %TEMP%\2k10\victoria\help\русский\dcomemo.rtf
- %TEMP%\2k10\victoria\help\русский\vichlp.rtf
- %TEMP%\2k10\victoria\help\русский\whatsnew.rtf
- %TEMP%\2k10\victoria\lng\русский.lng
- %TEMP%\2k10\victoria\vcr.bat
- %TEMP%\2k10\victoria\victoria.ini
- %TEMP%\2k10\victoria\instdrvw.exe
- %TEMP%\2k10\victoria\porttalk.sys
- %TEMP%\2k10\victoria\victoria.exe
- %WINDIR%\temp\uddcf19.tmp
- %TEMP%\2k10\victoria\logs\eventlog.txt
- %TEMP%\2k10\victoria\logs\mass storage device__zz3stlpe2mdpn\eventlog.txt
- %TEMP%\2k10\victoria\logs\mass storage device__zz3stlpe2mdpn\passp_mass storage device_zz3stlpe2mdpn.bin
- %WINDIR%\temp\uddcf19.tmp
- '%TEMP%\2k10\victoria\instdrvw.exe' PortTalk "%TEMP%\2k10\Victoria\PortTalk.sys"
- '%TEMP%\2k10\victoria\victoria.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\2k10\Victoria\vcr.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\2k10\Victoria\vcr.bat" "
- '%WINDIR%\syswow64\reg.exe' QUERY HKLM\SYSTEM\ControlSet001\Services\PortTalk