Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ARI Start' = '<SYSTEM32>\JDTGNJ\ARI.exe'
- '%TEMP%\is-SCDFK.tmp\YTKEnhancedv2.6Build108Beta.tmp' /SL5="$30094,2922431,337408,%TEMP%\YTKEnhancedv2.6Build108Beta.exe"
- '<SYSTEM32>\JDTGNJ\ARI.exe'
- '%TEMP%\Install.exe'
- '%TEMP%\YTKEnhancedv2.6Build108Beta.exe'
- Handler library for all processes: <SYSTEM32>\JDTGNJ\ARI.001
- %TEMP%\is-SCDFK.tmp\YTKEnhancedv2.6Build108Beta.tmp
- <SYSTEM32>\JDTGNJ\ARI.exe
- %TEMP%\is-H5OTU.tmp\_isetup\_RegDLL.tmp
- <SYSTEM32>\JDTGNJ\ARI.008
- %TEMP%\is-H5OTU.tmp\_isetup\_shfoldr.dll
- <SYSTEM32>\JDTGNJ\AKV.exe
- %TEMP%\YTKEnhancedv2.6Build108Beta.exe
- %TEMP%\Install.exe
- <SYSTEM32>\JDTGNJ\ARI.004
- <SYSTEM32>\JDTGNJ\ARI.002
- <SYSTEM32>\JDTGNJ\ARI.001
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'AKLMW'