Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '.Net Recovery' = 'rundll32.exe dotnetfx.dll,repair'
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\(Empty).LNK
- %TEMP%\~Kpc67556.tmp -d5 -kf winlogon.exe
- <SYSTEM32>\rundll32.exe dotnetfx.dll,repair
- <SYSTEM32>\winlogon.exe
- %TEMP%\aut1.tmp
- %TEMP%\~Kpc67556.tmp
- <SYSTEM32>\dotnetfx.dll
- C:\KHATRA.exe
- C:\KHATRA.exe
- %TEMP%\aut1.tmp
- ClassName: 'Shell_TrayWnd' WindowName: ''