Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run] 'P5TDNRRAVPJC' = '%APPDATA%\UTZNUMHP.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run] 'P5TDNRRAVPJC' = '%APPDATA%\UTZNUMHP.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'P5TDNRRAVPJC' = '%APPDATA%\UTZNUMHP.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'startx' = '<Full path to the virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'P5TDNRRAVPJC' = '%APPDATA%\UTZNUMHP.exe'
- '%APPDATA%\hunter.sam.exe'
- %APPDATA%\6K84IA.dll
- %APPDATA%\hunter.sam.exe
- %TEMP%\~DF2F3E.tmp
- %APPDATA%\hunter.sam.exe to %APPDATA%\UTZNUMHP.exe
- 'bl###shades.ru':9081
- DNS ASK bl###shades.ru
- ClassName: 'Indicator' WindowName: '(null)'