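Техническая информация
Ниже перечислены наблюдаемые артефакты образца: запись в ключе автозапуска Run текущего пользователя, пути к файлам, класс окна и командные строки запускаемых процессов. Значение 'SystemRoot' в ключе Run совпадает с командой reg.exe ADD из списка ниже и указывает на Winlogon.vbs, то есть скрипт будет запускаться при каждом входе этого пользователя в систему. Запись вида «C:%WINDIR%», по-видимому, результат подстановки переменной окружения в отчёте; при поиске по этим индикаторам стоит сопоставлять имена файлов с реальным путём к каталогу Windows, а не с этой строкой буквально.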
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SystemRoot' = 'C:%WINDIR%\Winlogon.vbs'
- C:%WINDIR%\Microsoft.bat
- C:%WINDIR%\move.bat
- C:%WINDIR%\SystemRoot.exe
- C:%WINDIR%\libeay32.dll
- C:%WINDIR%\msvcp120.dll
- C:%WINDIR%\msvcr120.dll
- C:%WINDIR%\OpenCL.dll
- C:%WINDIR%\Qt5Core.dll
- C:%WINDIR%\Qt5Network.dll
- C:%WINDIR%\ssleay32.dll
- C:%WINDIR%\Winlogon.lnk
- C:%WINDIR%\Winlogon.vbs
- C:%WINDIR%\Start.bat
- ClassName: 'EDIT' WindowName: ''
- '<SYSTEM32>\wscript.exe' "C:%WINDIR%\Winlogon.vbs"
- '<SYSTEM32>\cmd.exe' /c ""C:%WINDIR%\Microsoft.bat" "
- '<SYSTEM32>\reg.exe' ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v SystemRoot /t REG_SZ /d "C:%WINDIR%\Winlogon.vbs"
- '<SYSTEM32>\cmd.exe' /c ""C:%WINDIR%\move.bat" "
- '<SYSTEM32>\cmd.exe' /c ""C:%WINDIR%\start.bat" "