Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'UPDATE' = ''
- <SYSTEM32>\wscript.exe "%TEMP%\dl.vbs"
- <SYSTEM32>\ping.exe 1.1.1.1 -n 1 -w 30000
- <SYSTEM32>\cmd.exe /c ""%TEMP%\webdl.bat""
- %WINDIR%\regedit.exe /S %TEMP%\runonce.reg
- %TEMP%\dl.vbs
- %WINDIR%\svchost.exe
- %TEMP%\webdl.bat
- %TEMP%\runonce.reg
- 'st####yware.we.bs':80
- st####yware.we.bs/load.html
- DNS ASK st####yware.we.bs
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''