Техническая информация
- '<SYSTEM32>\svchost.exe' "%TEMP%\Demo_0.exe"
- '%TEMP%\Demo_0.exe'
- <SYSTEM32>\svchost.exe
- %ALLUSERSPROFILE%\Start Menu\__.LNK
- %TEMP%\Demo_0.exe
- %WINDIR%\Com\comrepl.exe
- %TEMP%\Demo_0.exe
- %ALLUSERSPROFILE%\Start Menu\__.LNK
- 'cn###.#pecialcdn.com':80
- DNS ASK cn###.#pecialcdn.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'RavMonDSessions' WindowName: ''