Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'fmemesc' = '"<LS_APPDATA>\fmemesc.exe" fmemesc'
- <LS_APPDATA>\fmemesc.exe INSTALL:|1485||172800|1
- %WINDIR%\Explorer.EXE
- iexplore.exe
- ClassName: 'AOL Frame25' WindowName: ''
- %TEMP%\nsl3.tmp\NSISdl.dll
- %ALLUSERSPROFILE%\Desktop\Original-Solitaire.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\Original-Solitaire\Uninstall.lnk
- <LS_APPDATA>\fmemesc_navps.dat
- <LS_APPDATA>\fmemesc.dat
- %TEMP%\Original-Solitaire_exe.dat
- %ALLUSERSPROFILE%\Start Menu\Programs\Original-Solitaire\Original-Solitaire.lnk
- %TEMP%\nsl3.tmp\modern-wizard.bmp
- %TEMP%\nsl3.tmp\ioSpecial.ini
- %TEMP%\nsv2.tmp
- %PROGRAM_FILES%\Original-Solitaire\data\translation_file_original_solitaire.xml
- <LS_APPDATA>\fmemesc.exe
- %TEMP%\nsl3.tmp\modern-header.bmp
- 'do######.original-solitaire.com':80
- do######.original-solitaire.com/Solitaire_download.php?fi#####################################
- do######.original-solitaire.com/Solitaire_download.php?fi#########################
- DNS ASK do######.Original-Solitaire.com
- ClassName: 'Indicator' WindowName: ''
- ClassName: '#32770' WindowName: 'Original-Solitaire'
- ClassName: 'Shell_TrayWnd' WindowName: ''