Техническая информация (ключ автозапуска в реестре, запускаемые команды, пути к файлам, искомые окна)
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'YND Start' = '%ALLUSERSPROFILE%\Application Data\ENXJHK\YND.exe'
- '%TEMP%\afolder\Install.exe'
- '%TEMP%\adamuss.exe'
- '<SYSTEM32>\attrib.exe' +h %TEMP%\ztmp
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ztmp\t10917.bat" "
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\Online-magma-icon (1).jpg
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ztmp\t8928.bat" "
- %ALLUSERSPROFILE%\Application Data\ENXJHK\YND.00
- %ALLUSERSPROFILE%\Application Data\ENXJHK\YND.exe
- %TEMP%\ztmp\t10969.exe
- %ALLUSERSPROFILE%\Application Data\UCA\YND.004
- %ALLUSERSPROFILE%\Application Data\ENXJHK\YND.02
- %ALLUSERSPROFILE%\Application Data\ENXJHK\YND.01
- %TEMP%\afolder\Install.exe
- %TEMP%\adamuss.exe
- %TEMP%\Online-magma-icon (1).jpg
- %TEMP%\ztmp\t10917.bat
- %TEMP%\ztmp\t8977.exe
- %TEMP%\ztmp\t8928.bat
- %ALLUSERSPROFILE%\Application Data\ENXJHK\YND.02
- %ALLUSERSPROFILE%\Application Data\ENXJHK\YND.01
- %TEMP%\ztmp\t10969.exe
- %TEMP%\ztmp\t10917.bat
- %ALLUSERSPROFILE%\Application Data\ENXJHK\YND.00
- %TEMP%\ztmp\t8928.bat
- %TEMP%\afolder\Install.exe
- %ALLUSERSPROFILE%\Application Data\ENXJHK\YND.exe
- %TEMP%\ztmp\t8977.exe
- ClassName: '(null)' WindowName: 'AKLMW'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: '(null)'