Техническая информация
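Для обеспечения автозапуска изменяет следующий ключ реестра (параметр 'svctt' в разделе Run запускает указанный файл при каждом входе пользователя в систему; имя explorar.exe на одну букву отличается от системного explorer.exe):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svctt' = '%WINDIR%\config\explorar.exe'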
Запускает на исполнение следующие команды:
- '<SYSTEM32>\taskkill.exe' /pid=1084
- '<SYSTEM32>\taskkill.exe' /pid=3580
- '<SYSTEM32>\taskkill.exe' /pid=2784
- '<SYSTEM32>\taskkill.exe' /pid=3992
- '<SYSTEM32>\taskkill.exe' /pid=2912
- '<SYSTEM32>\taskkill.exe' /pid=428
- '<SYSTEM32>\taskkill.exe' /pid=3480
- '<SYSTEM32>\taskkill.exe' /pid=3632
- '<SYSTEM32>\taskkill.exe' /pid=1204
- '<SYSTEM32>\taskkill.exe' /pid=3488
- '<SYSTEM32>\taskkill.exe' /pid=4072
- '<SYSTEM32>\taskkill.exe' /pid=2588
- '<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "svctt" /t REG_SZ /d "%WINDIR%\config\explorar.exe" /f
- '<SYSTEM32>\taskkill.exe' /F /IM opera.exe
- '<SYSTEM32>\taskkill.exe' /F /IM firefox.exe
- '<SYSTEM32>\taskkill.exe' /pid=3000
- '<SYSTEM32>\taskkill.exe' /pid=1496
- '<SYSTEM32>\taskkill.exe' /pid=3400
- '<SYSTEM32>\taskkill.exe' /pid=756
- '<SYSTEM32>\taskkill.exe' /pid=2952
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\taskkill.exe
- <SYSTEM32>\drwtsn32.exe
- firefox.exe
- opera.exe
- %WINDIR%\Config\explorar.exe (тот же файл, на который указывает параметр автозапуска 'svctt')
- ClassName: '(null)' WindowName: '(null)'