Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] '0' = '"<LS_APPDATA>\0.exe" 0 25 '
- <LS_APPDATA>\0.exe -i 2756
- <SYSTEM32>\cmd.exe /c """%TEMP%\tmp1.bat"" "
- %TEMP%\tmp1.bat
- <LS_APPDATA>\0.exe
- '21#.#50.123.104':80
- 21#.#50.123.104/cb_soft.php?q=################################
- 21#.#50.123.104/cb_loader.php?q=################################
- ClassName: 'Shell_TrayWnd' WindowName: ''