Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SysProc' = 'C:\Users\Public\Public\run.vbs'
- C:\Users\Public\Public\run.vbs
- C:\Users\Public\Public\sparrow.jpg
- C:\Users\Public\Public\new.bat
- C:\Users\Public\Public\game.bat
- C:\Users\Public\Public\game.vbs
- ClassName: 'EDIT' WindowName: ''
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\Public\game.vbs"
- '<SYSTEM32>\cmd.exe' /c ""C:\Users\Public\Public\new.bat" "
- '<SYSTEM32>\reg.exe' ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v SysProc /t reg_sz /d C:\Users\Public\Public\run.vbs
- '<SYSTEM32>\cmd.exe' /c ""C:\Users\Public\Public\game.bat" "