Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\3TPHZUM3A8ES] 'Start' = '00000002'
- C:\93UAKU3AE.EXE RKHNQZURHYRY
- <SYSTEM32>\cmd.exe /c C:\LNOZVJD.BAT
- <SYSTEM32>\regsvr32.exe /s "%WINDIR%\rkhnqzurhyry.dll"
- %PROGRAM_FILES%\KCE6C2PDH\NLCJPI.exe
- %PROGRAM_FILES%\KCE6C2PDH\X998B.exe
- C:\LNOZVJD.BAT
- C:\93UAKU3AE.EXE
- %WINDIR%\RKHNQZURHYRY.txt
- %WINDIR%\rkhnqzurhyry.dll
- %PROGRAM_FILES%\KCE6C2PDH\X998B.exe
- %PROGRAM_FILES%\KCE6C2PDH\NLCJPI.exe
- <Full path to the virus>
- ClassName: 'RKHNQZURHYRY' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'RKHNQZURHYRY' WindowName: 'gfvybyuwpceqph'