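Техническая информация
Примечание: заголовки подразделов в этом фрагменте отсутствуют, поэтому ниже подряд идут записи разных типов: значение реестра, пути к файлам, параметры окна и командные строки процессов. Для обнаружения существенно, что ImagePath службы Rundll указывает на C:\ProgramData\indus\services.exe, а тип её запуска меняется на auto командой sc.exe config.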
- [<HKLM>\SYSTEM\ControlSet001\Services\Rundll] 'ImagePath' = '"C:\ProgramData\indus\services.exe"'
- '<SYSTEM32>\net.exe' stop Rundll
- <Текущая директория>\srv.exe
- %TEMP%\is-KG33S.tmp\srv.tmp
- C:\ProgramData\indus\is-GD4A6.tmp
- C:\ProgramData\indus\is-J2UMQ.tmp
- C:\ProgramData\indus\is-IPBE9.tmp
- C:\ProgramData\indus\unins000.dat
- C:\ProgramData\indus\is-GD4A6.tmp перемещён (переименован) в C:\ProgramData\indus\unins000.exe
- C:\ProgramData\indus\is-J2UMQ.tmp перемещён (переименован) в C:\ProgramData\indus\autoran.bat
- C:\ProgramData\indus\is-IPBE9.tmp перемещён (переименован) в C:\ProgramData\indus\services.exe
- ClassName: 'EDIT' WindowName: ''
- '<Текущая директория>\srv.exe' /verysilent
- '%TEMP%\is-KG33S.tmp\srv.tmp' /SL5="$40092,3810301,57856,<Текущая директория>\srv.exe" /verysilent
- 'C:\ProgramData\indus\services.exe' install
- '<SYSTEM32>\net1.exe' stop Rundll
- '<SYSTEM32>\cmd.exe' /C ""autoran.bat""
- '<SYSTEM32>\sc.exe' config Rundll start= auto