Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Sysmppcvppp' = '<SYSTEM32>\Rundll32.exe "<SYSTEM32>\SysTdSvr.dll",Start'
- '<SYSTEM32>\rundll32.exe' "<SYSTEM32>\SysTdSvr.dll",Start
- <SYSTEM32>\SysTdSvr.dll.tmp
- <SYSTEM32>\cwebpage.dll.tmp
- %TEMP%\tmp1.CAB
- %TEMP%\tmp2.CAB
- %TEMP%\tmp2.CAB
- %TEMP%\tmp1.CAB
- <SYSTEM32>\cwebpage.dll.tmp в <SYSTEM32>\cwebpage.dll
- <SYSTEM32>\SysTdSvr.dll.tmp в <SYSTEM32>\SysTdSvr.dll