Техническая информация
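- [<HKLM>\SYSTEM\ControlSet001\Services\Internet Esplorer] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы; имя службы приведено как в источнике, с написанием «Esplorer»)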
- %PROGRAM_FILES%\Microsoft\Protect\S-1-5-18\User\setup.exe
- <SYSTEM32>\winlogon.exe 12143
- <SYSTEM32>\cmd.exe /c %TEMP%\JIACJH.bat
- %TEMP%\JIACJH.bat
- %PROGRAM_FILES%\Microsoft\Protect\S-1-5-18\User\setup.exe
- '12###.rhelper.com':2800 (узел и порт; символы # в имени узла, по-видимому, скрывают его часть)
- DNS ASK 12###.rhelper.com
- ClassName: 'Shell_TrayWnd' WindowName: ''