Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\vdsmc] 'Start' = '00000002'
- '%PROGRAM_FILES%\temp\main.exe'
- '%CommonProgramFiles%\casove\wtels.exe' /install /Silent
- '%PROGRAM_FILES%\temp\s.exe'
- '%TEMP%\RarSFX0\Setup.EXE'
- '%TEMP%\RarSFX0\mathh_6403.exe'
- %TEMP%\GLG4.tmp
- %TEMP%\~GLH0000.TMP
- %TEMP%\GLC1.tmp
- %TEMP%\GLK2.tmp
- %CommonProgramFiles%\casove\reatl\ctamon.dll
- %CommonProgramFiles%\casove\wtels.exe
- %CommonProgramFiles%\casove\jy.ini
- %CommonProgramFiles%\casove\reatl\cafmen.dll
- %CommonProgramFiles%\casove\imoes.exe
- %PROGRAM_FILES%\temp\main.exe
- %TEMP%\RarSFX0\Setup.EXE
- %TEMP%\RarSFX0\rarinfo.txt
- %TEMP%\RarSFX0\jTemp.dat
- %TEMP%\RarSFX0\Setup.ini
- %TEMP%\RarSFX0\Setup.ico
- %PROGRAM_FILES%\temp\vsf.rdu
- %PROGRAM_FILES%\temp\s.exe
- %TEMP%\RarSFX0\gTemp.dat
- %PROGRAM_FILES%\temp\vss.rdu
- %TEMP%\RarSFX0\Setup.EXE
- %TEMP%\RarSFX0\Setup.ico
- %TEMP%\RarSFX0\Setup.ini
- %TEMP%\RarSFX0\rarinfo.txt
- %CommonProgramFiles%\casove\jy.ini
- %TEMP%\RarSFX0\jTemp.dat
- %TEMP%\RarSFX0\mathh_6403.exe
- %TEMP%\~GLH0000.TMP в %TEMP%\GLF5.tmp
- %TEMP%\RarSFX0\gTemp.dat в %TEMP%\RarSFX0\mathh_6403.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''