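Техническая информация
Примечание: в этом фрагменте нет подзаголовков разделов. Ниже перечислены значения реестра, пути к файлам, командные строки и идентификаторы окон; какое действие (создание, запуск, удаление) относится к каждому пути, из самого списка не следует, а повторяющиеся пути, вероятно, относятся к разным разделам исходного описания.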
Значения реестра (Winlogon\Notify и ShellExecuteHooks — точки автозапуска; библиотека, указанная в 'DllName', встречается ниже как <SYSTEM32>\nnnoNghH.dll):
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnoNghH] 'Logon' = 'o'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnoNghH] 'DllName' = 'nnnoNghH.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{E25EE903-37EB-467B-B1F0-F71063F6B8C8}' = ''
- %TEMP%\UYRD4E\alg.exe
- %TEMP%\UYRD4E\keygen.exe
- <SYSTEM32>\cmd.exe /c %TEMP%\removalfile.bat "%TEMP%\UYRD4E\alg.exe"
- <SYSTEM32>\winlogon.exe
- %TEMP%\UYRD4E\alg.exe
- <SYSTEM32>\nnnoNghH.dll
- %TEMP%\removalfile.bat
- %TEMP%\nsw3.tmp\DcryptDll.dll
- %TEMP%\nsa2.tmp
- %TEMP%\UYRD4E\keygen.exe
- %TEMP%\UYRD4E\alg.dat
- %TEMP%\UYRD4E\alg.exe
- %TEMP%\nsw3.tmp\DcryptDll.dll
- %TEMP%\UYRD4E\alg.dat
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'PowerISO *KeyGenerator*'