Техническая информация
- Для автозапуска при входе пользователя в систему создаёт значение в реестре: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft_Update' = '<SYSTEM32>\user32.exe'
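- <SYSTEM32>\user32.exe (имя подражает системной библиотеке user32.dll; в штатной установке Windows исполняемого файла с таким именем в этом каталоге нет)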
- <SYSTEM32>\taskkill.exe /IM "<Имя вируса>.exe" /F
- <SYSTEM32>\reg.exe add HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Microsoft_Update /d <SYSTEM32>\user32.exe /f
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\Temp\~.bat" "
- %WINDIR%\Temp\~.bat
- <SYSTEM32>\user32.exe
- ClassName: '' WindowName: ''
- ClassName: 'Indicator' WindowName: ''