Техническая информация
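Записи автозапуска в реестре (ключи Run и RunOnce текущего пользователя, значение 'Thunder' указывает на файл в %TEMP%):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Thunder' = '%TEMP%\RarSFX0\Thunder.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Thunder' = '%TEMP%\RarSFX0\Thunder.exe'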
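Командные строки запуска (все исполняемые файлы находятся в %TEMP%; сценарий Thunder.vbs выполняется через wscript.exe):
- '%TEMP%\is-9GBH9.tmp\ThunderV7.2.1.3136.tmp' /SL5="$10106,8799623,65536,%TEMP%\ThunderV7.2.1.3136.exe"
- '%TEMP%\RarSFX0\Thunder.exe'
- '%TEMP%\d.exe'
- '%TEMP%\ThunderV7.2.1.3136.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\RarSFX0\Thunder.vbs"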
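Пути файлов в %TEMP% (каталоги вида is-*.tmp в этом списке имеют разные имена — is-ED3AT.tmp и is-9GBH9.tmp, — поэтому при поиске следов надёжнее опираться на шаблон имени, а не на точное совпадение):
- %TEMP%\is-ED3AT.tmp\_isetup\_iscrypt.dll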
- %TEMP%\is-ED3AT.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-ED3AT.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-ED3AT.tmp\sd1.gif
- %TEMP%\is-ED3AT.tmp\nsisinstall.jpg
- %TEMP%\is-ED3AT.tmp\gifctrl.dll
- %TEMP%\ThunderV7.2.1.3136.exe
- %TEMP%\d.exe
- %TEMP%\FP1.tmp
- %TEMP%\RarSFX0\Thunder.exe
- %TEMP%\is-9GBH9.tmp\ThunderV7.2.1.3136.tmp
- %TEMP%\RarSFX0\Thunder.vbs
- %TEMP%\RarSFX0\Thunder.exe
- %TEMP%\RarSFX0\Thunder.exe
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'