Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'lsass.exe' = '%HOMEPATH%\Configurações locais\Temp\svchost.exe'
- '<SYSTEM32>\taskkill.exe' /f /im TeaTimer.exe
- '<SYSTEM32>\reg.exe' ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v lsass.exe /t REG_SZ /d "%HOMEPATH%\Configurações locais\Temp\svchost.exe" /f
- '<SYSTEM32>\attrib.exe' +h "%HOMEPATH%\Configurações locais\Temp\032.tmp"
- '<SYSTEM32>\attrib.exe' +h "%HOMEPATH%\Configurações locais\Temp\svchost.exe"
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'MS_WINHELP' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'svchost.exec'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'