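Техническая информация
Ниже перечислены наблюдаемые индикаторы: запись автозапуска в реестре (параметр с именем 'Chrome', указывающий на VBS-сценарий в %WINDIR%), пути к файлам в %WINDIR%, запись об окне (ClassName/WindowName) и командные строки запускаемых процессов.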
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run] 'Chrome' = '%WINDIR%\servicecrsssr.vbs'
- %WINDIR%\winprs.bat
- %WINDIR%\winvprse.bat
- %WINDIR%\wmipvrse.exe
- %WINDIR%\libcrypto-1_1-x64.dll
- %WINDIR%\libcurl-4.dll
- %WINDIR%\libgcc_s_seh-1.dll
- %WINDIR%\libstdc++-6.dll
- %WINDIR%\libwinpthread-1.dll
- %WINDIR%\zlib1.dll
- %WINDIR%\servicecrsssr.vbs
- %WINDIR%\winvpr.vbs
- %WINDIR%\xdgaudio.vbs
- ClassName: 'EDIT' WindowName: ''
- '<SYSTEM32>\wscript.exe' "%WINDIR%\servicecrsssr.vbs"
- '<SYSTEM32>\wscript.exe' "%WINDIR%\winvpr.vbs"
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\winvprse.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\winprs.bat" "
- '<SYSTEM32>\tasklist.exe' /FI "IMAGENAME eq wmipvrse.exe"
- '<SYSTEM32>\reg.exe' ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run /v "Chrome" /f /t REG_SZ /d "%WINDIR%\servicecrsssr.vbs"
- '<SYSTEM32>\find.exe' /I /N "wmipvrse.exe"