Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\explorer.lnk
- C:\ProgramData\Windows\scvsservc.bat
- C:\ProgramData\Windows\svhost.exe
- C:\ProgramData\Windows\svchost.vbs
- %TEMP%\lkrsrv.vbs
- %TEMP%\cssrs.vbs
- %TEMP%\services.exe
- %TEMP%\regregitid.exe
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\regregitid.exe'
- '<SYSTEM32>\wscript.exe' "C:\ProgramData\Windows\svchost.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\lkrsrv.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\cssrs.vbs"
- '%TEMP%\services.exe' -pddsrqwllasdlasdl