Техническая информация
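- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\geBuTljK] 'Logon' = 'o'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\geBuTljK] 'DllName' = 'geBuTljK.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{BD3C6F7C-6C8D-48F6-AC52-5E4071AEB257}' = ''
  Примечание: оба раздела реестра — точки автозагрузки. DLL, указанную в значении 'DllName' раздела Winlogon\Notify, загружает процесс winlogon.exe (этот механизм поддерживается только в версиях Windows до Vista), а COM-объект, CLSID которого записан в ShellExecuteHooks, загружается оболочкой Explorer. При проверке системы достаточно сверить наличие именно этих значений; имя подраздела geBuTljK выглядит случайным и на другой системе может отличаться.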
- %TEMP%\UYRD4E\alg.exe
- %TEMP%\UYRD4E\keygen.exe
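- <SYSTEM32>\winlogon.exe (штатный системный процесс Windows; по-видимому, указан как процесс, в который загружается вредоносный код, а не как созданный вредоносной программой файл — сам по себе индикатором заражения не является)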
- %TEMP%\nsk2.tmp\DcryptDll.dll
- %TEMP%\UYRD4E\alg.exe
- <SYSTEM32>\geBuTljK.dll
- %TEMP%\UYRD4E\keygen.exe
- %TEMP%\UYRD4E\alg.dat
- %TEMP%\UYRD4E\csrss.dat
- ClassName: 'Shell_TrayWnd' WindowName: ''