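Техническая информация
Примечание: <HKLM> и <SYSTEM32> — условные обозначения куста реестра HKEY_LOCAL_MACHINE и системного каталога Windows, а не буквальные строки. Заголовки подразделов в этом фрагменте, по-видимому, не сохранились, поэтому тип каждой записи (параметр реестра, командная строка, окно, файл) определяется по её виду.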
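- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = 'HBASKTAO.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'HBService32' = 'System.exe'
  (Примечание: AppInit_DLLs и Run — механизмы автозапуска: библиотека из AppInit_DLLs загружается в процессы, подключающие user32.dll, а значение в Run запускается при входе пользователя в систему. Для AppInit_DLLs приведены два значения; порядок их записи по этой странице установить нельзя.)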
- '<SYSTEM32>\System.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\SelfDel.bat" "
- ClassName: 'AskTao' WindowName: '(null)'
- %TEMP%\SelfDel.bat
- <SYSTEM32>\HBASKTAO.dll
- <SYSTEM32>\System.exe