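Техническая информация
Заголовки подразделов в этой выдержке не сохранились; судя по виду записей, ниже перечислены параметры автозапуска в ветке Run (HKCU), пути к файлам, поиск окна и строки запуска процессов. Для обнаружения важны два признака маскировки: имена параметров Run имитируют задачи Google Update, а файл с именем системного процесса WmiPrvSE.exe расположен в C:\Users\Public\Libraries, а не в системном каталоге Windows.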
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'GoogleUpdateTaskMachineOSx' = 'C:\Users\Public\Libraries\OS.jar'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'GoogleUpdateTaskMachineOS' = 'C:\Users\Public\Libraries\OS.vbs'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'GoogleUpdateTaskMachineOSs' = 'C:\Users\Public\Libraries\WmiPrvSE.exe'
- C:\Users\Public\Libraries\sc.vbs
- C:\Users\Public\Libraries\WmiPrvSE.exe
- %TEMP%\1.tmp\2.tmp\3.vbs
- C:\Users\Public\Libraries\OS.vbs
- C:\Users\Public\Libraries\POc.vbs
- C:\Users\Public\Libraries\OS.bat
- C:\Users\Public\Libraries\OS.vbs
- C:\Users\Public\Libraries\OS.bat
- C:\Users\Public\Libraries\POc.vbs
- ClassName: 'EDIT' WindowName: ''
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\Libraries\sc.vbs"
- 'C:\Users\Public\Libraries\WmiPrvSE.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\1.tmp\2.tmp\3.vbs" //Nologo
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\Libraries\OS.vbs"
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\Libraries\POc.vbs"
- '<SYSTEM32>\cmd.exe' /C C:\Users\Public\Libraries\OS.bat