Техническая информация
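Закрепление в системе — в ветке текущего пользователя задаётся значение 'Shell' ключа Winlogon, поэтому указанный файл запускается при входе этого пользователя в систему:
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'C:\ProgramData\{GWA14V2R-02VL-39XF-CP8Z9ZN3KMVU}\VHRLMGBDPQ.exe'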
- '<SYSTEM32>\taskkill.exe' /im <Имя файла>.exe /f
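Ищет следующие окна, в том числе окна отладчика OllyDbg и утилит мониторинга Sysinternals (File Monitor, Process Monitor, Registry Monitor), — признак противодействия анализу:
- ClassName: 'OLLYDBG', WindowName: ''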
- ClassName: 'GBDYLLO', WindowName: ''
- ClassName: 'pediy06', WindowName: ''
- ClassName: 'FilemonClass', WindowName: ''
- ClassName: '', WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''
- ClassName: '', WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'RegmonClass', WindowName: ''
- ClassName: '', WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- ClassName: '18467-41', WindowName: ''
- ClassName: '', WindowName: ''
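Создаёт задачу планировщика, которая каждые 15 минут запускает тот же файл из ProgramData (второй механизм закрепления помимо значения 'Shell'; ключ /F перезаписывает задачу с тем же именем, если она уже существует):
- '<SYSTEM32>\schtasks.exe' /Create /SC MINUTE /MO 15 /TN "N4PBPGDI8QAN7L2TW4" /TR "C:\ProgramData\{GWA14V2R-02VL-39XF-CP8Z9ZN3KMVU}\VHRLMGBDPQ.exe" /F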
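Принудительно завершает процесс и удаляет файл с диска (по-видимому, самоудаление исходного образца: <Имя файла> и <Полный путь к файлу> — подстановки отчёта):
- '<SYSTEM32>\cmd.exe' /c taskkill /im <Имя файла>.exe /f & erase <Полный путь к файлу> & exit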