Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svchost32' = '%WINDIR%\svcshost.bat'
- %TEMP%\InterSpeedNet.exe
- <SYSTEM32>\msg.exe * U Has been Pwned!
- <SYSTEM32>\reg.exe add HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN /v svchost32 /d %WINDIR%\svcshost.bat
- %WINDIR%\svcshost.bat
- %TEMP%\InterSpeedNet.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''