Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'NortonProtect' = 'C:\recycled\Protect.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'CTFMON.EXE' = '%TEMP%\CTFMON.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'RunDll32' = '<SYSTEM32>\Run32.dll.exe'
- <SYSTEM32>\SistemInfo.exe
- <SYSTEM32>\Run32.dll.exe
- %TEMP%\CTFMON.exe
- <SYSTEM32>\SistemInfo.exe
- %TEMP%\~DF1824.tmp
- ClassName: 'Indicator' WindowName: ''