Техническая информация
Автозапуск — значения в ключах Run и RunOnce текущего пользователя (rundll32 загружает файл из %APPDATA% по ординалу #1):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Startup Manager 5.9' = '"<SYSTEM32>\rundll32.exe" "%APPDATA%\t8t7t6t5t4t3t2t1\jcyw.shy",#1'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Microsoft Startup Manager 5.9' = 'rundll32 "%APPDATA%\t8t7t6t5t4t3t2t1\jcyw.shy",#1'
Запускаемые процессы (командные строки):
- '%TEMP%\<Имя вируса>.exe'
- '<SYSTEM32>\rundll32.exe' "%APPDATA%\t8t7t6t5t4t3t2t1\jcyw.shy",#1
- '<SYSTEM32>\reg.exe' LOAD HKU\.HKEY_CURRENT_USER_HIVE "%HOMEPATH%\ntuser.dat"
- '<SYSTEM32>\reg.exe' UNLOAD HKU\.HKEY_CURRENT_USER_HIVE
Пути в файловой системе, связанные с образцом:
- %TEMP%\<Имя вируса>.exe
- %APPDATA%\t8t7t6t5t4t3t2t1\t8t7t6t5t4t3t2t1
- %APPDATA%\t8t7t6t5t4t3t2t1\jcyw.shy
Окна (класс и заголовок):
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'