Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Search and Cortana application' = '"%TEMP%\331751A7-7469-4EBD-AE44-11948BE42AF3/SearchUI.exe"'
- '%TEMP%\3313D167-7469-4EKA-BO31-11248BE42AF4\lsаss.exe' BA6117F11B9E2AB0F6E9DED3D03206BAWCV2<(]@!@)]>2864
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\kecklife.bat" "
- '%TEMP%\331751A7-7469-4EBD-AE44-11948BE42AF3\SearchUI.exe'
- %TEMP%\3313D167-7469-4EKA-BO31-11248BE42AF4\lsаss.exe
- %TEMP%\kecklife.bat
- %TEMP%\331751A7-7469-4EBD-AE44-11948BE42AF3\SearchUI.exe