Техническая информация
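- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'UserInit' = '"%TEMP%\svchost.exe"' (запись автозапуска в RunOnce: значение указывает на файл svchost.exe в %TEMP%, тогда как штатный svchost.exe Windows расположен в системном каталоге)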
- <SYSTEM32>\taskkill.exe /f /pid 2772
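- <SYSTEM32>\attrib.exe + h +s + r svchost.exe (судя по флагам h, s и r, файлу присваиваются атрибуты «скрытый», «системный» и «только для чтения»; такой файл по умолчанию не отображается в Проводнике и в выводе dir)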
- <SYSTEM32>\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v UserInit /t REG_SZ /d ""%TEMP%\svchost.exe"" /f
- <SYSTEM32>\cmd.exe /c delmytmp.bat
- %TEMP%\is-B0KE4.tmp\Setup1.tmp
- %TEMP%\is-TF5OR.tmp\_isetup\_shfoldr.dll
- %TEMP%\delmytmp.bat
- %TEMP%\run.exe
- %TEMP%\svchost.exe
- %TEMP%\Setup1.exe
- %TEMP%\run.exe
- 'm.##.com':80
- m.##.com/
- DNS ASK m.##.com
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''