Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Windows Update' = '"%APPDATA%\Roaming\Identities\bytjl\bytjl.exe" -shell'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Adobe System Incorporated' = '%TEMP%\Adobe\Reader_sl.exe'
- <Drive name for removable media>:\pQiTKCG.exe
- '<SYSTEM32>\notepad.exe'
- '<SYSTEM32>\LogonUI.exe' /flags:0x0
- '<SYSTEM32>\calc.exe'
- '<SYSTEM32>\taskhost.exe'
- '<SYSTEM32>\svchost.exe'
- Idle
- <SYSTEM32>\notepad.exe
- %APPDATA%\Roaming\Identities\bytjl\bytjl.exe
- %APPDATA%\Roaming\c731200
- %TEMP%\Adobe\Reader_sl.exe
- %APPDATA%\Roaming\Identities\bytjl\bytjl.exe
- <Drive name for removable media>:\pQiTKCG.exe
- %APPDATA%\Roaming\Identities\bytjl\bytjl.exe
- ClassName: 'Indicator' WindowName: '(null)'