Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\SvcWatch] 'Start' = '00000002'
- <SYSTEM32>\SvcWatch.exe
- %TEMP%\2.tmp /I
- %TEMP%\winscr.exe /I
- <SYSTEM32>\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe
- <SYSTEM32>\SvcWatch.exe
- %TEMP%\winscr.exe
- %TEMP%\2.tmp
- %TEMP%\winscr.exe