Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Svcserv' = '%WINDIR%\Svcserv\svcserv.exe'
- <SYSTEM32>\taskkill.exe /im IMF.exe /f
- %WINDIR%\ssf\ssf1.dat
- %WINDIR%\cwd\first.txt
- %WINDIR%\cwd\name.txt
- ClassName: '' WindowName: ''