Техническая информация
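Для обеспечения автозапуска при входе в систему создаёт значение в ключе реестра Run (ветка HKLM, действует для всех пользователей):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'wlidsvcm32.exe' = '%WINDIR%\wlidsvcm\wlidsvcm32.exe'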
- %WINDIR%\wlidsvcm\wlidsvcm32.exe
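Командные строки запускаемых процессов:
- <SYSTEM32>\ping.exe 1.1.1.1 -n 2 -w 1000
- <SYSTEM32>\cmd.exe /c """%TEMP%\TFR8148VD2154.bat"" 2 "<Полный путь к вирусу>" "%WINDIR%\wlidsvcm\wlidsvcm32.exe""
(Примечание: ping с параметрами -n 2 -w 1000, по-видимому, служит паузой; содержимое BAT-файла на странице не приведено, поэтому его действия над переданными путями отсюда установить нельзя.)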
- %TEMP%\TFR8148VD2154.bat
- %WINDIR%\wlidsvcm\wlidsvcm32.exe
- ClassName: 'ConsoleWindowClass' WindowName: ''