Техническая информация
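- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Dwm' = 'C:\Program'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Dwm' = 'C:\Program'
  (Примечание: значение 'C:\Program' приведено так, как оно показано в отчёте. По-видимому, оно обрезано на первом пробеле либо путь записан в реестр без кавычек; судя по строкам ниже, имеется в виду %PROGRAM_FILES%\Dwm.exe. При поиске по реестру стоит проверять имя параметра 'Dwm' в ключах Run, а не только точное значение.)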
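- '%TEMP%\csrss.exe' -keyhide -prochide 2780 -reg %PROGRAM_FILES%\Dwm.exe -proc 2780 %PROGRAM_FILES%\Dwm.exe
- '%PROGRAM_FILES%\Dwm.exe'
  (Примечание: csrss.exe и Dwm.exe — имена штатных системных процессов Windows, которые в норме запускаются из <SYSTEM32>. Признаком для обнаружения служит расположение одноимённых файлов в %TEMP% и %PROGRAM_FILES%. Число 2780 похоже на идентификатор процесса из конкретного запуска и, вероятно, будет отличаться на других системах.)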
- '<SYSTEM32>\schtasks.exe' /Create /TN "Update\Dwm" /XML "%TEMP%\184346724.xml"
- %TEMP%\csrss.exe
- %APPDATA%\Roaming\97C09787-6498-4B10-8F65-9471D842C55E\run.dat
- <SYSTEM32>\Tasks\Update\Dwm
- %PROGRAM_FILES%\Dwm.exe
- %TEMP%\184346724.xml
- %TEMP%\csrss.exe
- %TEMP%\184346724.xml
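- DNS ASK dn#.##ftncsi.com
  (Примечание: имя замаскировано в отчёте. По шаблону оно похоже на dns.msftncsi.com — домен проверки сетевого подключения Windows (NCSI). Если это так, запрос не является индикатором компрометации, и его не следует использовать для блокировки.)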
- DNS ASK jo#####me.duckdns.org
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''