Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\SystemEsenisBreker] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\SystemEsenisBreker] 'ImagePath' = '%WINDIR%\addins\siveise.exe'
- %WINDIR%\addins\siveise.exe
- %WINDIR%\addins\w.vbs
- %WINDIR%\addins\r.vbs
- %WINDIR%\addins\config.json
- %WINDIR%\addins\r.bat
- %WINDIR%\addins\seriese.exe
- %WINDIR%\addins\siveise.exe
- %WINDIR%\addins\w.vbs
- %WINDIR%\addins\r.vbs
- %WINDIR%\addins\config.json
- %WINDIR%\addins\r.bat
- %WINDIR%\addins\seriese.exe
- ClassName: 'EDIT' WindowName: ''
- '<SYSTEM32>\wscript.exe' "%WINDIR%\addins\r.vbs"
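- '<SYSTEM32>\wscript.exe' w.vbs -name SystemEsenisBreker -srvany "%WINDIR%\addins\siveise.exe" -file "%WINDIR%\addins\seriese.exe" (судя по аргументам, скрипт регистрирует службу SystemEsenisBreker с ImagePath siveise.exe, что согласуется с записями реестра выше)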
- '%WINDIR%\addins\siveise.exe'
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\addins\r.bat" "
- '<SYSTEM32>\sc.exe' delete bengalwk
- '<SYSTEM32>\sc.exe' delete wk