Техническая информация
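Записи автозапуска в реестре (ключ Run текущего пользователя): оба значения запускают xeylrh.exe из %APPDATA% при входе пользователя в систему; второе значение названо именем системного компонента ctfmon.exe и передаёт путь к настоящему ctfmon.exe после параметра /c.
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'pumg' = '"%APPDATA%\Microsoft\Xeylrh\xeylrh.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ctfmon.exe' = '"%APPDATA%\Microsoft\Xeylrh\xeylrh.exe" /c <SYSTEM32>\ctfmon.exe'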
- %APPDATA%\Microsoft\Xeylrh\xeylrh.exe
- <SYSTEM32>\ping.exe -n 10 localhost
- %WINDIR%\Explorer.EXE
- %APPDATA%\Microsoft\Xeylrh\xeylr.dll
- %APPDATA%\Microsoft\Xeylrh\xeylrh.dll
- %APPDATA%\Microsoft\Xeylrh\xeylrh.exe
- ClassName: 'Indicator' WindowName: ''