Техническая информация
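- Автозапуск — изменяет параметр реестра (значение 'Shell' задаёт программу-оболочку, запускаемую при входе пользователя в систему): [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'C:\ProgramData\{91MU3O08-S4RK-1J13-BCO3CUW81N9D}\DTRX5R6DG2.exe'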
- Принудительно завершает процесс <Имя файла>.exe: '<SYSTEM32>\taskkill.exe' /im <Имя файла>.exe /f
Ищет следующие окна для обнаружения средств отладки и мониторинга (OllyDbg, File Monitor, Process Monitor, Registry Monitor):
- ClassName: 'OLLYDBG', WindowName: ''
- ClassName: 'GBDYLLO', WindowName: ''
- ClassName: 'pediy06', WindowName: ''
- ClassName: 'FilemonClass', WindowName: ''
- ClassName: '', WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''
- ClassName: '', WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'RegmonClass', WindowName: ''
- ClassName: '', WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- <Полный путь к файлу>
- ClassName: '18467-41', WindowName: ''
- ClassName: '', WindowName: ''
- Создаёт задачу планировщика "KJGE7LFBYH1AGFSALC" с запуском каждые 15 минут: '<SYSTEM32>\schtasks.exe' /Create /SC MINUTE /MO 15 /TN "KJGE7LFBYH1AGFSALC" /TR "C:\ProgramData\{91MU3O08-S4RK-1J13-BCO3CUW81N9D}\DTRX5R6DG2.exe" /F
- Завершает процесс <Имя файла>.exe и удаляет файл <Полный путь к файлу>: '<SYSTEM32>\cmd.exe' /c taskkill /im <Имя файла>.exe /f & erase <Полный путь к файлу> & exit