Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'version_start' = '%ALLUSERSPROFILE%\version.exe'
- '%TEMP%\_ir_sf7_temp_0\irsetup.exe' "__IRAFN:%TEMP%\RarSFX0\setup.exe"
- '%TEMP%\RarSFX0\setup.exe'
- %TEMP%\_ir_sf7_temp_0\IRIMG2.JPG
- %TEMP%\_ir_sf7_temp_0\IRIMG1.JPG
- %ALLUSERSPROFILE%\version.exe
- %TEMP%\_ir_sf7_temp_0\version.exe
- %TEMP%\RarSFX0\1.exe
- %TEMP%\RarSFX0\setup.exe
- %TEMP%\_ir_sf7_temp_0\irsetup.dat
- %TEMP%\_ir_sf7_temp_0\irsetup.exe
- %TEMP%\_ir_sf7_temp_0\irsetup.dat
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'