Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Svhost' = 'C:\Hwnd\Svhost.exe'
- '%HOMEPATH%\Hwnd\svhost.exe'
- '<SYSTEM32>\reg.exe' IMPORT Hwnd\temp.reg
- '<SYSTEM32>\cmd.exe' /c "%HOMEPATH%\Hwnd\temp.bat"
- %HOMEPATH%\Hwnd\temp.reg
- %HOMEPATH%\Hwnd\temp.bat
- C:\test.txt
- C:\Hwnd\svhost.exe
- %HOMEPATH%\Hwnd\svhost.exe
- %HOMEPATH%\Hwnd\temp.reg
- %TEMP%\~DF163A.tmp
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'