Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\keygen server.lnk
- 'C:\Users\%USERNAME%\AppData\Local\Microsoft\keygen server.exe'
- '<SYSTEM32>\attrib.exe' +h %TEMP%\ztmp
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ztmp\t3539.bat" "
- C:\Users\%USERNAME%\AppData\Local\Microsoft\zlib1.dll
- %TEMP%\ztmp\t3539.bat
- %TEMP%\ztmp\t3588.exe
- C:\Users\%USERNAME%\AppData\Local\Microsoft\keygen server.exe
- C:\Users\%USERNAME%\AppData\Local\Microsoft\libcurl.dll
- C:\Users\%USERNAME%\AppData\Local\Microsoft\svchost.exe
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'