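Техническая информация
Ниже перечислены записи автозапуска в реестре (раздел, имя параметра и значение), пути к файлам в %APPDATA% и командная строка schtasks.exe, создающая задачу планировщика из XML-файла.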
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'QualcommAtheros' = '%APPDATA%\ProgramFile\shadow.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ConsentPromptBehaviorAdmin' = '%APPDATA%\Logiteh\splwowc.exe'
- %APPDATA%\Logiteh\wincheck.xml
- %APPDATA%\Splwow\bqsadmin.exe
- %APPDATA%\ProgramFile\shadow.exe
- %APPDATA%\Logiteh\splwowc.exe
- %APPDATA%\fid.txt
- '<SYSTEM32>\schtasks.exe' /create /xml "%APPDATA%\Logiteh\wincheck.xml" /tn WindowsOffis\WordPad\SysLi /f