Техническая информация
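Записи автозапуска в реестре (разделы Run и RunOnce текущего пользователя; обе указывают на office.exe в %TEMP%\RarSFX0 — временном каталоге распаковки SFX-архива WinRAR):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'office' = '%TEMP%\RarSFX0\office.exe'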
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'office' = '%TEMP%\RarSFX0\office.exe'
Запускаемые процессы (судя по формату — командные строки; заголовок раздела в этой копии утрачен):
- '%TEMP%\win7.exe'
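- '%TEMP%\·sјWёк®Ж§Ё\o.exe' (имя каталога искажено кодировкой: по-видимому, это байты Big5-строки «新增資料夾» — стандартное имя «Новая папка» в Windows с традиционным китайским языком, — прочитанные как Windows-1251; при поиске по индикаторам стоит учитывать оба варианта написания)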
- '<SYSTEM32>\wscript.exe' "%TEMP%\RarSFX0\win7.vbs"
- '<SYSTEM32>\notepad.exe' %TEMP%\re.txt
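Файлы (заголовки подразделов в этой копии утрачены; пути из %TEMP%\RarSFX0 перечислены ниже дважды — вероятно, сначала как создаваемые, затем как удаляемые файлы):
- %TEMP%\RarSFX0\foxyinstalled.dll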
- %TEMP%\RarSFX0\Conf\Addresses.cfg
- %TEMP%\RarSFX0\win7.exe
- %TEMP%\RarSFX0\LinkMaker.dll
- %TEMP%\RarSFX0\win7.vbs
- %TEMP%\FP2.tmp
- %TEMP%\·sјWёк®Ж§Ё\o.exe
- %TEMP%\win7.exe
- %TEMP%\re.txt
- %TEMP%\RarSFX0\LinkMaker.dll
- %TEMP%\RarSFX0\win7.exe
- %TEMP%\RarSFX0\foxyinstalled.dll
- %TEMP%\RarSFX0\win7.vbs
- %TEMP%\RarSFX0\Conf\Addresses.cfg
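Окна (класс и заголовок; судя по формату — окна, которые образец ищет в системе; заголовок раздела в этой копии утрачен):
- ClassName: 'Indicator' WindowName: '(null)'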
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'