Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Rspdates Apxplicatioan] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Rspdates Apxplicatioan] 'ImagePath' = '<SYSTEM32>\svchost.exe -k netsvcs'
- %TEMP%\RarSFX0\uharc.exe
- %TEMP%\RarSFX0\file.uha
- %TEMP%\RarSFX0\ms.exe
- %WINDIR%\hfsetemp.ini
- %WINDIR%\Svchost.txt
- %WINDIR%\Svchost.reg
- %TEMP%\160125_tem.info
- %WINDIR%\Svchost.txt
- %WINDIR%\Svchost.reg
- %WINDIR%\hfsetemp.ini
- %TEMP%\RarSFX0\ms.exe
- %TEMP%\RarSFX0\file.uha
- %TEMP%\RarSFX0\uharc.exe
- %TEMP%\160125_tem.info в <SYSTEM32>\winnie.dll
- %WINDIR%\Svchost.txt
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\RarSFX0\uharc.exe' e file.uha
- '%TEMP%\RarSFX0\ms.exe'
- '<SYSTEM32>\svchost.exe' -k netsvcs