Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\+viSpteLPcrt] 'Start' = '00000002' (значение 2 параметра Start — автоматический запуск службы при загрузке системы)
- <SYSTEM32>\svchost.exe -k krnlsrvc
- <SYSTEM32>\wscript.exe "<Текущая директория>\tem.vbs"
- <SYSTEM32>\notepad.exe
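- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: '' (класс окна Process Monitor; поиск окон утилит мониторинга, вероятно, служит проверкой на то, что образец анализируют)
- ClassName: 'RegMonClass' WindowName: '' (класс окна Regmon)
- ClassName: 'FileMonClass' WindowName: '' (класс окна Filemon)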
- <Текущая директория>\tem.vbs
- %TEMP%\115484_EfiProc.dll
- <SYSTEM32>\notepad.exe
- 'c6####9.gicp.net':998
- DNS ASK c6####9.gicp.net
- ClassName: 'Shell_TrayWnd' WindowName: ''