Техническая информация
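- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'xxxxxxxxxxxxa' = '"%WINDIR%\xxxxxxxxxx.exe"' (параметр в ключе автозапуска Run: указанный файл запускается при каждом входе пользователя в систему)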
- %WINDIR%\xxxxxxxxxx.exe
- %TEMP%\temp.exe
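- ClassName: 'RegMonClass' WindowName: '' (класс окна утилиты мониторинга реестра Regmon)
- ClassName: 'FileMonClass' WindowName: '' (класс окна утилиты мониторинга файловой системы Filemon; по-видимому, оба окна перечислены как признаки запущенных средств анализа)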
- %WINDIR%\xxxxxxxxxx.exe
- %TEMP%\temp.exe
- %TEMP%\456E46CA.TMP
- 'localhost':1515