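Техническая информация
(Подзаголовки разделов в этой копии, по-видимому, не сохранились, поэтому одни и те же пути повторяются в нескольких списках ниже.)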
- %WINDIR%\Tasks\System.job
- %WINDIR%\svchost.exe
- %TEMP%\1.tmp\regedit.exe
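- <SYSTEM32>\schtasks.exe /create /tn "System" /sc minute /mo 1 /ru "NT AUTHORITY\SYSTEM" /tr "%WINDIR%\svchost.exe"
  (задание планировщика «System» запускает %WINDIR%\svchost.exe каждую минуту от имени NT AUTHORITY\SYSTEM, то есть служит механизмом закрепления в системе; ему, вероятно, соответствует файл %WINDIR%\Tasks\System.job из списка выше)
- <SYSTEM32>\attrib.exe +s +h %WINDIR%\svchost.exe
  (файлу присваиваются атрибуты «системный» и «скрытый»; штатный svchost.exe Windows находится в <SYSTEM32>, поэтому файл с таким именем непосредственно в %WINDIR% — признак маскировки)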
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\regedit.bat" "
- [<HKLM>\SOFTWARE\Microsoft\MessengerService]
- %TEMP%\1.tmp\regedit.exe
- %WINDIR%\svchost.exe
- %TEMP%\1.tmp\regedit.bat
- %TEMP%\1.tmp\svchost.exe
- %WINDIR%\svchost.exe
- %TEMP%\1.tmp\regedit.bat
- %TEMP%\1.tmp\regedit.exe
- %TEMP%\1.tmp\svchost.exe
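- '77.##.207.178':194
  (второй октет адреса скрыт символами ## в самом источнике, поэтому запись нельзя использовать как точный индикатор; для поиска в журналах остаются известные октеты и порт назначения 194)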
- ClassName: '' WindowName: 'Hello'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''