Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'hotdlll' = '<SYSTEM32>\WinUpdate.cmd'
- %WINDIR%\Tasks\startt.job
- <SYSTEM32>\schtasks.exe /create /tn startt /tr c:\autoexec.bat /sc onstart /ru system
- <SYSTEM32>\part.log
- <SYSTEM32>\WinUpdate.cmd
- C:\autoexec.bat
- '74.##5.232.51':25
- DNS ASK gs####85.google.com
- '10.#.1.1':1036
- ClassName: 'Shell_TrayWnd' WindowName: ''