Техническая информация
- Автозапуск через подмену значения 'Shell' (оболочка пользователя) в ключе Winlogon: [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'C:\ProgramData\{GR0OX3AB-BIOX-LLEJ-C8PTLZMEFO8R}\RK54FOV83H.exe'
- '<SYSTEM32>\taskkill.exe' /im <Имя файла>.exe /f
- Классы и заголовки окон отладчика OllyDbg и утилит мониторинга Sysinternals (File Monitor, Process Monitor, Registry Monitor); судя по набору, это проверка на наличие средств анализа:
  - ClassName: 'OLLYDBG', WindowName: ''
  - ClassName: 'GBDYLLO', WindowName: ''
  - ClassName: 'pediy06', WindowName: ''
  - ClassName: 'FilemonClass', WindowName: ''
  - ClassName: '', WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
  - ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''
  - ClassName: '', WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'
  - ClassName: 'RegmonClass', WindowName: ''
  - ClassName: '', WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- <Полный путь к файлу>
- ClassName: '18467-41', WindowName: ''
- ClassName: '', WindowName: ''
- Закрепление через планировщик задач (задача запускает тот же файл каждые 15 минут): '<SYSTEM32>\schtasks.exe' /Create /SC MINUTE /MO 15 /TN "VW33IFW7SEZ46AZ00A" /TR "C:\ProgramData\{GR0OX3AB-BIOX-LLEJ-C8PTLZMEFO8R}\RK54FOV83H.exe" /F
- Самоудаление (завершение процесса и удаление исходного файла): '<SYSTEM32>\cmd.exe' /c taskkill /im <Имя файла>.exe /f & erase <Полный путь к файлу> & exit