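Техническая информация
Символы «#» в сетевых адресах ниже — по всей видимости, маскировка: полный адрес в списке не приведён. Запись в ключе Run обеспечивает запуск taskhost.exe при входе пользователя в систему; файл лежит в %APPDATA%, тогда как системные taskhost.exe и winlogon.exe Windows находятся в <SYSTEM32>, поэтому одноимённые файлы в профиле пользователя — признак для проверки. Команды attrib с параметрами +s +h устанавливают атрибуты «системный» и «скрытый», с параметрами -s -h — снимают их.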
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'taskhost' = '"%APPDATA%\Windows\Files\Updates\files\taskhost.exe"'
- %APPDATA%\Windows\Files\Updates\files\taskhost.exe
- <SYSTEM32>\attrib.exe %APPDATA%\Windows\files\updates\files\winlogon.exe -s -h
- <SYSTEM32>\attrib.exe %APPDATA%\Windows +s +h
- <SYSTEM32>\attrib.exe %APPDATA%\Windows\Files\Updates\files\taskhost.exe +s +h
- <SYSTEM32>\attrib.exe %APPDATA%\Windows\files\updates\files\taskhost.exe -s -h
- <SYSTEM32>\cmd.exe /c ""%APPDATA%\tamp.bat""
- <SYSTEM32>\attrib.exe %APPDATA%\Windows\Files\Updates\files\ -s -h
- <SYSTEM32>\attrib.exe %APPDATA%\Windows -s -h
- %APPDATA%\Windows\Files\Updates\files\data.fl
- %APPDATA%\Windows\Files\Updates\files\taskhost.exe
- %APPDATA%\tamp.bat
- %APPDATA%\tamp.bat
- 'fu###4me.net':80
- fu###4me.net/sila/show_ip.php?to########################################################
- DNS ASK fu###4me.net
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''