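Техническая информация
Примечание: пути и имена ниже приведены дословно. Каталог называется именно «C:\Programfles» (не «Program Files»), а имена «Google Update» и «GoogleUpdatereg», по-видимому, имитируют легитимный компонент обновления; при поиске по этим индикаторам написание менять не следует.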
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Google Update' = 'C:\Programfles\run.exe'
- C:\Programfles\run.exe
- C:\Programfles\config.json
- %TEMP%\tmp1.tmp.bat
- C:\Programfles\conhost.exe
- C:\Programfles\VaultSysUi.exe
- C:\Programfles\nircmd.exe
- C:\Programfles\run.exe
- C:\Programfles\VaultSysUi.exe
- C:\Programfles\nircmd.exe
- C:\Programfles\config.json
- C:\Programfles\conhost.exe
- %TEMP%\tmp1.tmp.bat
- 'C:\Programfles\nircmd.exe' exec hide conhost.exe
- '<SYSTEM32>\attrib.exe' +s +a +h C:\Programfles\*
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 60 /tn GoogleUpdatereg /tr C:\Programfles\run.exe
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\tmp1.tmp.bat" "
- '<SYSTEM32>\attrib.exe' +s +a +h C:\Programfles