Техническая информация
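- Автозапуск при старте системы: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'scvhost.exe' = '%WINDIR%\scvhost.exe' (имя файла имитирует системный svchost.exe, который штатно расположен в <SYSTEM32>, а не в %WINDIR%)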
- Отключение брандмауэра Windows для стандартного профиля: [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
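- Запускает на исполнение: '<SYSTEM32>\taskkill.exe' /f /im Wow.exe (принудительное завершение процесса Wow.exe; по-видимому, это клиент игры World of Warcraft)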
- Запускает на исполнение: '<SYSTEM32>\cmd.exe' /c C:\kill.bat (выполнение пакетного файла C:\kill.bat через командный интерпретатор)
- C:\kill.bat
- %WINDIR%\scvhost.exe
- ClassName: '(null)' WindowName: '(null)'