Техническая информация
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'VirusTest' = '%ProgramFiles%\Windows NT\Klog1.exe'
- '<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" /v "VirusTest" /t REG_SZ /d "%ProgramFiles%\Windows NT\Klog1.exe" /f
- '<SYSTEM32>\cmd.exe' /c "%ProgramFiles%\Windows NT\Auto.bat"
- %ProgramFiles%\Windows NT\LogEng.txt
- %ProgramFiles%\Windows NT\LogRu.txt
- %ProgramFiles%\Windows NT\Auto.bat
- %ProgramFiles%\Windows NT\Klog1.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''