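Техническая информация
Подзаголовки разделов в этом фрагменте отсутствуют. Судя по содержимому строк, ниже перечислены: записи автозапуска в реестре и ярлык в папке автозагрузки, указывающие на копию cipher.exe в %APPDATA%; командные строки запускаемых процессов, включая завершение исходного процесса через taskkill и удаление исходного файла; пути к файлам в %TEMP% и %APPDATA% (по списку нельзя определить, какие из них создаются, а какие удаляются); классы и заголовки окон (ClassName / WindowName).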
- [<HKCU>\Software\Microsoft\Command Processor] 'AutoRun' = '"%APPDATA%\{EAD8C9EB-CE7E-1A35-C2EE-F26F5E13EB94}\cipher.exe"'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '"%APPDATA%\{EAD8C9EB-CE7E-1A35-C2EE-F26F5E13EB94}\cipher.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'cipher' = '"%APPDATA%\{EAD8C9EB-CE7E-1A35-C2EE-F26F5E13EB94}\cipher.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'cipher' = '"%APPDATA%\{EAD8C9EB-CE7E-1A35-C2EE-F26F5E13EB94}\cipher.exe"'
- %HOMEPATH%\Start Menu\Programs\Startup\cipher.lnk
- '%APPDATA%\{EAD8C9EB-CE7E-1A35-C2EE-F26F5E13EB94}\cipher.exe'
- '<SYSTEM32>\taskkill.exe' /t /f /im "<Имя вируса>.exe"
- '<SYSTEM32>\cmd.exe' /c taskkill /t /f /im "<Имя вируса>.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "<Полный путь к вирусу>" > NUL
- <SYSTEM32>\cmd.exe
- %TEMP%\Detail Plastic - White.3PP
- %TEMP%\error_1.png
- %TEMP%\Black - White.act
- %TEMP%\GRE.zdct
- %TEMP%\Introvert.UpY
- %APPDATA%\{EAD8C9EB-CE7E-1A35-C2EE-F26F5E13EB94}\cipher.exe
- %TEMP%\nsj6.tmp
- %TEMP%\nsa3.tmp\System.dll
- %TEMP%\Dialogs.dll
- %TEMP%\data.png
- %TEMP%\Aruba
- %TEMP%\nsa2.tmp
- %TEMP%\ScroogeKebab.U
- %TEMP%\glossterm.list.properties.xml
- %TEMP%\Brass - Raw.3PP
- %TEMP%\Curacao
- %TEMP%\f2.png
- %TEMP%\F12Tools.dll.mui
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''