Техническая информация
- '<SYSTEM32>\schtasks.exe' /create /tn "Security Check" /tr "<DRIVERS>erv.exe" /rl HIGHEST /sc onlogon /f /np
- [<HKCU>\Software\Microsoft\Internet Explorer\Download] 'RunInvalidSignatures' = '00000001'
- [<HKCU>\Software\Microsoft\Internet Explorer\Download] 'CheckExeSignatures' = 'no'
- %TEMP%\dw.log
- %TEMP%\23166.dmp
- <DRIVERS>erv.exe
- <SYSTEM32>\50077006-e5e7-45a3-9ef6-be1ee4b6f6d5.tmp
- <DRIVERS>erv.exe
- '93.##4.90.67':80
- 'wp#d':80
- 93.##4.90.67/xtx/recipes.txt
- wp#d/wpad.dat
- DNS ASK wp#d
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'