Техническая информация
- '<SYSTEM32>\schtasks.exe' /create /sc onlogon /tn "AntivirusFolder" /rl highest /tr "'%ProgramFiles%\Client\WindowsUpdate.exe' /startup" /f
- <SYSTEM32>\svchost.exe
- %TEMP%\7jBDs6C
- %TEMP%\nsw3.tmp\System.dll
- %ProgramFiles%\Client\WindowsUpdate.exe
- %TEMP%\nsg2.tmp
- %TEMP%\ozu2ql5jLab=
- %TEMP%\offer.html
- 'localhost':1110
- '21#.#.192.248':1110