Техническая информация
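- Автозапуск через реестр: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run] 'Chrome' = '%WINDIR%\servicecrsssr.vbs' (имя параметра «Chrome» похоже на название браузера, однако значение указывает на VBS-скрипт в каталоге Windows; этот же параметр создаётся командой reg.exe ADD, приведённой ниже)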
- %WINDIR%\libssl-1.0.0.dll
- %WINDIR%\libssl.dll
- %WINDIR%\libsigc-2.0-0.dll
- %WINDIR%\libjson-c-2.dll
- %WINDIR%\libsasl.dll
- %WINDIR%\libstdc++-6.dll
- %WINDIR%\winvpr.vbs
- %WINDIR%\xdgaudio.vbs
- %WINDIR%\servicecrsssr.vbs
- %WINDIR%\libwinpthread-1.dll
- %WINDIR%\libz-1.dll
- %WINDIR%\libcrypto-1.0.0.dll
- %WINDIR%\libcrypto.dll
- %WINDIR%\wmipvrse.exe
- %WINDIR%\winprs.bat
- %WINDIR%\winvprse.bat
- %WINDIR%\libcurl-4.dll
- %WINDIR%\libgmpxx-4.dll
- %WINDIR%\libjansson-4.dll
- %WINDIR%\libgmp-10.dll
- %WINDIR%\libgcc_s_dw2-1.dll
- %WINDIR%\libgcc_s_seh-1.dll
- ClassName: 'EDIT' WindowName: ''
- '<SYSTEM32>\wscript.exe' "%WINDIR%\winvpr.vbs"
- '<SYSTEM32>\wscript.exe' "%WINDIR%\servicecrsssr.vbs"
- '<SYSTEM32>\find.exe' /I /N "wmipvrse.exe"
- '<SYSTEM32>\reg.exe' ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run /v "Chrome" /f /t REG_SZ /d "%WINDIR%\servicecrsssr.vbs"
- '<SYSTEM32>\tasklist.exe' /FI "IMAGENAME eq wmipvrse.exe"
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\winvprse.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\winprs.bat" "