Техническая информация (technical information: registry changes, files, processes and window lookups observed during analysis)
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%WINDIR%\system\tpkIM32.exe' — per-user persistence: the 'load' value of this key is executed at each logon of the affected user; being under HKCU it can be written without administrative rights
- [<HKLM>\SYSTEM\ControlSet001\Services\yjaufo71] 'Start' = '00000000' — Start = 0 is SERVICE_BOOT_START: the yjaufo71 service (its driver is listed below as <DRIVERS>\yjaufo71.sys) is loaded by the boot loader at system start
- %WINDIR%\system\10576.exe
- %WINDIR%\system\tpkIM32.exe
- <SYSTEM32>\rundll32.exe "<SYSTEM32>\yjaufo71",DllCanUnloadNow — loads the library through rundll32 (no extension is given, so the loader resolves it to yjaufo71.dll, listed below) and calls the standard COM export DllCanUnloadNow; the actual payload presumably runs from DllMain at load time rather than from the named export
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\SCIntruder.dll — registers the DLL silently (/s suppresses dialogs) by invoking its DllRegisterServer export
- %WINDIR%\Explorer.EXE
- %TEMP%\tmp4.CAB
- <SYSTEM32>\SCIntruder.dll
- %TEMP%\tmp5.CAB
- <DRIVERS>\yjaufo71.sys
- <SYSTEM32>\yjaufo71.dll
- %WINDIR%\system\tpkIM32.exe
- %TEMP%\nsh2.tmp
- %WINDIR%\system\vm_WDM.dll
- %TEMP%\tmp3.CAB
- %WINDIR%\system\10576.exe
- %TEMP%\tmp5.CAB
- %TEMP%\tmp4.CAB
- %TEMP%\tmp3.CAB
- ClassName: 'Shell_TrayWnd' WindowName: '' — window lookup for the Explorer taskbar (Shell_TrayWnd is the window class of the taskbar/notification area)