Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Session Manager' = '<SYSTEM32>\winsess.exe'
  (запись автозапуска: winsess.exe запускается при каждом входе текущего пользователя в систему)
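- %TEMP%\1.tmp\add.exe x wip.exe winscan.exe -pfstboy
  (по-видимому, add.exe — консольный архиватор: синтаксис «x … -p…» похож на извлечение файла из защищённого паролем архива; по одному этому списку это не подтвердить)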
- <SYSTEM32>\winsess.exe
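- <SYSTEM32>\attrib.exe +a +s +r +h <SYSTEM32>\winsess.exe
  (файлу присваиваются атрибуты «архивный», «системный», «только чтение» и «скрытый»; при настройках Проводника по умолчанию такой файл не отображается)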
- <SYSTEM32>\cmd.exe /c ""%TEMP%\2.tmp\call.bat" "
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\call.bat" "
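- <SYSTEM32>\reg.exe add HKCU\software\Microsoft\Windows\CurrentVersion\run /v "Session Manager" /t REG_SZ /d <SYSTEM32>\winsess.exe /F
  (эта команда создаёт приведённую выше запись автозапуска 'Session Manager'; ключ /F перезаписывает существующее значение без запроса подтверждения)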
- %TEMP%\2.tmp\call.bat
- %TEMP%\1.tmp\wip.exe
- %TEMP%\1.tmp\add.exe
- %TEMP%\1.tmp\winsess.exe
- %TEMP%\1.tmp\call.bat
- %TEMP%\1.tmp\1.bat
- %TEMP%\1.tmp\2.bat
- <SYSTEM32>\winsess.exe
- %TEMP%\1.tmp\2.bat
- ClassName: 'Indicator' WindowName: ''