Техническая информация
Автозапуск (значение в ключе реестра Run текущего пользователя):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'RealtekDrivers' = 'C:\ProgramData\Windows\RealtekDriversHD.lnk'
Пути к файлам (подписи разделов в исходном списке не сохранились; %TEMP%\Install.exe указан дважды — вероятно, в разных разделах):
- %TEMP%\help.bat
- %TEMP%\Install.exe
- C:\ProgramData\Windows\Go.bat
- C:\ProgramData\Windows\Hide.bat
- C:\ProgramData\Windows\RuntimeBroker.bat
- C:\ProgramData\Windows\System32.exe
- C:\ProgramData\Windows\RealtekDriversHD.lnk
- C:\ProgramData\Windows\Auto.vbs
- C:\ProgramData\Windows\Go.vbs
- C:\ProgramData\Windows\Hide.vbs
- C:\ProgramData\Windows\WindowsDefendernotificationicon.VBS
- %TEMP%\Install.exe
Параметры окна (класс и заголовок):
- ClassName: 'EDIT' WindowName: ''
Командные строки процессов:
- '%TEMP%\Install.exe' -p170513
- '<SYSTEM32>\wscript.exe' "C:\ProgramData\Windows\Auto.vbs"
- '<SYSTEM32>\wscript.exe' "C:\ProgramData\Windows\Go.vbs"
- '<SYSTEM32>\wscript.exe' "C:\ProgramData\Windows\Hide.vbs"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\help.bat" "
- '<SYSTEM32>\cmd.exe' /c ""C:\ProgramData\Windows\Go.bat" "
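- '<SYSTEM32>\cmd.exe' /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
- '<SYSTEM32>\tasklist.exe' /NH /FI "IMAGENAME eq Taskmgr.exe"
  (запрос списка процессов с фильтром по имени образа Taskmgr.exe, то есть проверка, запущен ли Диспетчер задач)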
- '<SYSTEM32>\cmd.exe' /c ""C:\ProgramData\Windows\Hide.bat" "
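- '<SYSTEM32>\attrib.exe' C:\ProgramData\Windows +H +S /D
- '<SYSTEM32>\attrib.exe' C:\ProgramData\Windows\*.* +H +S /D
  (+H и +S устанавливают атрибуты «скрытый» и «системный» для каталога C:\ProgramData\Windows и его содержимого; при стандартных настройках Проводника такие объекты не отображаются, для проверки используйте dir /a)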