Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'toastpop02_UAC' = '%WINDIR%\d57BJSail5.exe'
- C:\toastpop004.exe /verysilent
- %TEMP%\is-USF09.tmp\toastpop004.tmp /SL5="$200E4,791224,54272,C:\toastpop004.exe" /verysilent
- %TEMP%\is-R1UDQ.tmp\toastpop004.tmp /SL5="$50036,791224,54272,C:\toastpop004.exe"
- C:\toastpop004.exe
- C:\toastpop02_UAC.exe
- <SYSTEM32>\taskkill.exe /F /IM winapp.exe
- %TEMP%\is-3AL3I.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-USF09.tmp\toastpop004.tmp
- %TEMP%\is-LJ70E.tmp\SetupUtil.dll
- %APPDATA%\toastpop\is-3UBA7.tmp
- %TEMP%\is-3AL3I.tmp\SetupUtil.dll
- %TEMP%\is-3AL3I.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-R1UDQ.tmp\toastpop004.tmp
- C:\toastpop02_UAC.exe
- C:\toastpop004.exe
- %TEMP%\is-LJ70E.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-LJ70E.tmp\_isetup\_RegDLL.tmp
- %WINDIR%\d57BJSail5.exe
- %WINDIR%\d57BJSail5.exe
- %TEMP%\is-LJ70E.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-R1UDQ.tmp\toastpop004.tmp
- %TEMP%\is-LJ70E.tmp\SetupUtil.dll
- %TEMP%\is-LJ70E.tmp\_isetup\_RegDLL.tmp
- %APPDATA%\toastpop\is-3UBA7.tmp в %APPDATA%\toastpop\unins000.exe
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''