Техническая информация
- Параметр автозапуска в реестре: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'load' = '%WINDIR%\temp\serlist.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\reg.exe' ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /f /v load /t reg_sz /d %WINDIR%\temp\serlist.exe
- ClassName: 'OllyDbg' WindowName: ''
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- Файл переносится из <Полный путь к вирусу> в %WINDIR%\Temp\serlist.exe (тот же путь указан в параметре автозапуска 'load')
- ClassName: 'Regmon' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'AutoRuns' WindowName: ''
- ClassName: 'Filemon' WindowName: ''