Техническая информация
- Автозапуск через ключ реестра Run текущего пользователя: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SystemDrive' = 'C:\SystemDrive\RedLan.vbs'
- C:\SystemDrive\Microsoft.bat
- C:\SystemDrive\move.bat
- C:\SystemDrive\SystemDrive.exe
- C:\SystemDrive\libeay32.dll
- C:\SystemDrive\msvcp120.dll
- C:\SystemDrive\msvcr120.dll
- C:\SystemDrive\OpenCL.dll
- C:\SystemDrive\Qt5Core.dll
- C:\SystemDrive\Qt5Network.dll
- C:\SystemDrive\ssleay32.dll
- C:\SystemDrive\RedLan.lnk
- C:\SystemDrive\RedLan.vbs
- C:\SystemDrive\start.bat
- ClassName: 'EDIT' WindowName: ''
- '<SYSTEM32>\wscript.exe' "C:\SystemDrive\RedLan.vbs"
- '<SYSTEM32>\cmd.exe' /c ""C:\SystemDrive\Microsoft.bat" "
- '<SYSTEM32>\reg.exe' ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v SystemDrive /t REG_SZ /d "C:\SystemDrive\RedLan.vbs"
- '<SYSTEM32>\cmd.exe' /c ""C:\SystemDrive\move.bat" "
- '<SYSTEM32>\cmd.exe' /c ""C:\SystemDrive\start.bat" "