Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Control\Print\Providers\tdl] 'Name' = '%TEMP%\3.tmp'
- [<HKLM>\SYSTEM\ControlSet001\Services\ixjkikorcriyueq] 'imagepath' = '%WINDIR%\TEMP\4.tmp'
- '%TEMP%\FdU1.exe'
- <SYSTEM32>\spoolsv.exe
- %WINDIR%\Temp\4.tmp
- %TEMP%\2.tmp
- %TEMP%\FdU1.exe
- %WINDIR%\Temp\4.tmp
- %TEMP%\3.tmp
- %TEMP%\3.tmp в %WINDIR%\Temp\6.tmp
- %TEMP%\FdU1.exe в %TEMP%\5.tmp
- %TEMP%\2.tmp в %TEMP%\3.tmp