Техническая информация
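- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'SystemService' = '%TEMP%\gbot\svchost.exe' (параметр автозапуска; файл с именем системного процесса svchost.exe размещён в %TEMP%, а не в системном каталоге, — это признак маскировки, по которому запись можно обнаружить)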
- '%TEMP%\gbot\svchost.exe'
- '%TEMP%\boot.exe'
- '%TEMP%\Activador W8 V3.exe'
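- '<SYSTEM32>\reg.exe' ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run /V "SystemService" /D "%TEMP%\gbot\svchost.exe" /F (командная строка, которая записывает параметр автозапуска SystemService; ключ /F перезаписывает существующее значение без запроса подтверждения)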
- %TEMP%\bc
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\getcmd[1].php
- %TEMP%\gbot\svchost.exe
- %TEMP%\Activador W8 V3.exe
- %TEMP%\boot.exe
- %TEMP%\bc
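- 'ha##kl.cc':80 (сетевое подключение к узлу, порт 80; символы # здесь и ниже, по-видимому, скрывают часть имени узла и параметров запроса в самом отчёте)
- ha##kl.cc/tn/getcmd.php?ui############### (HTTP-запрос к тому же узлу)
- DNS ASK ha##kl.cc (DNS-запрос на разрешение имени узла)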
- ClassName: 'Shell_TrayWnd' WindowName: '(null)' (Shell_TrayWnd — класс окна панели задач Windows)