Техническая информация
- Запись автозапуска в реестре (значения ключа Run выполняются при входе пользователя в систему): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Xenocode' = '%APPDATA%\Xenocode\XenocodeVE.exe'
- '%TEMP%\{BAA3C897-3D74-4676-842B-E96E9BB00DBB}\ssms.exe'
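- '%TEMP%\{BAA3C897-3D74-4676-842B-E96E9BB00DBB}\cssrs.exe' (имя отличается от системного csrss.exe перестановкой букв; подлинный csrss.exe находится в %SystemRoot%\System32, а не в %TEMP%)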
- %TEMP%\{BAA3C897-3D74-4676-842B-E96E9BB00DBD}\DateCheck.exe
- %TEMP%\{BAA3C897-3D74-4676-842B-E96E9BB00DBC}\{BAA46738}\version.file
- %TEMP%\{BAA3C897-3D74-4676-842B-E96E9BB00DBC}\{BAA46738}\sys.imp
- %APPDATA%\Xenocode\XenocodeVE.exe
- %TEMP%\{BAA3C897-3D74-4676-842B-E96E9BB00DBB}\cssrs.exe
- %TEMP%\{BAA3C897-3D74-4676-842B-E96E9BB00DBB}\ssms.exe
- ClassName: 'AutoHotkey' WindowName: '%TEMP%\{BAA3C897-3D74-4676-842B-E96E9BB00DBB}\cssrs.exe' (класс главного окна скрипта AutoHotkey)
- ClassName: '#32771' WindowName: '' (системный класс окна переключения задач)
- ClassName: 'AutoHotkey' WindowName: '<Полный путь к вирусу>'
- ClassName: 'Shell_TrayWnd' WindowName: '' (панель задач Windows)