Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SVCHost Windows' = '%TEMP%\svchost.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\SVCHost Windows.lnk
- '%TEMP%\svchost.exe'
- '<SYSTEM32>\ping.exe' 1.1.1.1 -n 1 -w 3000
- '<SYSTEM32>\cmd.exe' /c %TEMP%\mdel.bat
- %TEMP%\svchost.exe
- %TEMP%\mdel.bat
- '17#.#9.99.42':80
- 17#.#9.99.42/sf/gate.php