Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{43564368-4375-8601-4371-458454791235] 'StubPath' = '<SYSTEM32>\tcpconn.exe /r'
- <SYSTEM32>\cmd.exe /c "%TEMP%\Deleteme.bat"
- %WINDIR%\Explorer.EXE
- %TEMP%\Deleteme.bat
- <SYSTEM32>\tcpconn.exe