Техническая информация
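- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'C:\ProgramData\{RLXET2Z2-KS7W-85K1-E68ECIHXE956}\E68ECIHXE9.exe' (закрепление в системе: параметр Shell в ветке Winlogon задаёт программу, запускаемую при входе пользователя; здесь он изменён в ветке текущего пользователя и указывает на исполняемый файл в ProgramData)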
- '<SYSTEM32>\taskkill.exe' /im <Имя файла>.exe /f
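Пары ClassName/WindowName ниже (до строки 'Registry Monitor' включительно) соответствуют окнам отладчика OllyDbg и утилит Sysinternals File Monitor, Process Monitor и Registry Monitor; по всей видимости, образец ищет эти окна, чтобы обнаружить средства анализа:
- ClassName: 'OLLYDBG', WindowName: ''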
- ClassName: 'GBDYLLO', WindowName: ''
- ClassName: 'pediy06', WindowName: ''
- ClassName: 'FilemonClass', WindowName: ''
- ClassName: '', WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''
- ClassName: '', WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'RegmonClass', WindowName: ''
- ClassName: '', WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- <Полный путь к файлу>
- ClassName: '18467-41', WindowName: ''
- ClassName: '', WindowName: ''
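- '<SYSTEM32>\schtasks.exe' /Create /SC MINUTE /MO 15 /TN "OT42MQJ3I3FLPSW18Z" /TR "C:\ProgramData\{RLXET2Z2-KS7W-85K1-E68ECIHXE956}\E68ECIHXE9.exe" /F (запланированная задача запускает тот же файл из ProgramData каждые 15 минут; ключ /F перезаписывает задачу с таким именем, если она уже существует)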
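- '<SYSTEM32>\cmd.exe' /c taskkill /im <Имя файла>.exe /f & erase <Полный путь к файлу> & exit (по всей видимости, самоудаление: процесс принудительно завершается, после чего файл стирается командой erase)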