Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Collection' = '%WINDIR%\Collection.exe'
- '%TEMP%\RarSFX0\_setup.inx'
- '%TEMP%\RarSFX0\setup.exe'
- %WINDIR%\Collection.ini
- %HOMEPATH%\Favorites\Links\НшЦ·µјєЅ[ДгїмХТХТ].url
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\b14f7b30f8401c3dff1069397602e8c9_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\Preferred
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\293f143c-21dc-445d-839b-37a31f101407
- %HOMEPATH%\Favorites\НшЦ·µјєЅ[ДгїмХТХТ].url
- %ALLUSERSPROFILE%\Start Menu\Internet Explorer.lnk
- %TEMP%\RarSFX0\setup.exe
- %TEMP%\RarSFX0\_setup.inx
- %HOMEPATH%\Desktop\НшЦ·µјєЅ[ДгїмХТХТ].url
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
- %HOMEPATH%\Desktop\Internet Explorer.lnk
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'