Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Win64' = '<SYSTEM32>\Win64.exe'
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\Win64.lnk
- <Имя диска съемного носителя>:\Jicho pevu Saitoti is Illuminati.avi.exe
- '<SYSTEM32>\Win64.exe'
- %HOMEPATH%\Desktop\Jicho pevu Saitoti is Illuminati.avi.exe
- <SYSTEM32>\Win_64.dll
- <SYSTEM32>\Win64.exe
- %HOMEPATH%\My Documents\Funny videos compilation.avi.exe
- ClassName: '#32771' WindowName: '(null)'
- ClassName: 'AutoHotkey' WindowName: '<SYSTEM32>\Win64.exe'
- ClassName: 'AutoHotkey' WindowName: '<Полный путь к вирусу>'