Техническая информация
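- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Ast7' = '%WINDIR%\system\csrss.exe' (автозапуск при входе пользователя в систему; легитимный csrss.exe находится в <SYSTEM32>, поэтому файл с этим именем в %WINDIR%\system, по-видимому, маскируется под системный процесс)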
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v S7 /f
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Ast7 /d "%WINDIR%\system\csrss.exe" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v WIN /f
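- '<SYSTEM32>\taskkill.exe' /f /im lsass.exe
- '<SYSTEM32>\taskkill.exe' -f /im lsass.exe (lsass.exe — критический системный процесс; его принудительное завершение обычно приводит к аварийной перезагрузке Windows)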
- <SYSTEM32>\lsass.exe
- %WINDIR%\system\csrss.exe
- ClassName: '(null)' WindowName: '(null)'