Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'KADAGAIDFCIFGOA' = 'C:ProgramData\sv_host.exe'
- C:\ProgramData\windws.exe
- C:\ProgramData\winlog.exe
- %TEMP%\1.tmp\2.bat
- C:\ProgramData\attrib.exe
- C:\ProgramData\cssrss.exe
- C:\ProgramData\winlog.exe
- %TEMP%\1.tmp\2.bat
- ClassName: 'EDIT' WindowName: ''
- 'C:\ProgramData\windws.exe'
- 'C:\ProgramData\attrib.exe' -p1234 -dC:\ProgramData
- 'C:\ProgramData\cssrss.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\2.bat" C:\ProgramData\cssrss.exe"