Техническая информация
Командные строки процессов:
- <SYSTEM32>\msiexec.exe /V
- <SYSTEM32>\msiexec.exe -Embedding B7E933170596F4BAD0DC86714DC1D017
- <SYSTEM32>\msiexec.exe /i ""%TEMP%\ia-n.msi""
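- <SYSTEM32>\cacls.exe "%PROGRAM_FILES%\a-installeur\un_a-installeur_12345.exe" /E /C /G Everyone:F
- <SYSTEM32>\cacls.exe "%PROGRAM_FILES%\a-installeur\French.lng" /E /C /G Everyone:F
  (Ключи /E /G Everyone:F добавляют в существующий ACL файла полный доступ для группы Everyone, /C — продолжать при ошибках отказа в доступе; после этого файлы в %PROGRAM_FILES% может изменить любой локальный пользователь.)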
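Пути к файлам (тип операции — создание или удаление — в тексте не указан; часть путей повторяется):
- %TEMP%\26085.msi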
- %WINDIR%\Installer\27787.msi
- %PROGRAM_FILES%\a-installeur\un_a-installeur_12345.exe
- %PROGRAM_FILES%\a-installeur\French.lng
- %WINDIR%\Installer\MSI3.tmp
- %WINDIR%\Installer\MSI4.tmp
- %WINDIR%\Installer\MSI1.tmp
- %TEMP%\CFG2.tmp
- %PROGRAM_FILES%\a-installeur\un_a-installeur_12345.txt
- %TEMP%\SETUP_41174\IAN v3 sergiu.qsp
- %TEMP%\SETUP_41174\Modern_Setup.bmp
- %TEMP%\SETUP_41174\Engine.exe
- %TEMP%\SETUP_41174\Setup.txt
- %TEMP%\SETUP_41174\French.lng
- %TEMP%\SETUP_41174\00000#ia-n.msi
- %TEMP%\SETUP_41174\Modern_Icon.bmp
- %TEMP%\SETUP_41174\poker-subito-logo.bmp
- %WINDIR%\Installer\MSI3.tmp
- %WINDIR%\Installer\MSI1.tmp
Окна (имя класса и заголовок):
- ClassName: '<Полный путь к вирусу>' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '.QDebug.' WindowName: ''
- ClassName: '.AutoUpdate.X_' WindowName: ''