Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '123' = '%WINDIR%\123123\123.vbs'
- <SYSTEM32>\reg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v 123 /t REG_SZ /d %WINDIR%\123123\123.vbs /f
- <SYSTEM32>\wscript.exe "%WINDIR%\123123\123.vbs"
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\ivangog.bat" "
- <SYSTEM32>\attrib.exe "%WINDIR%\123123" +h +s
- %WINDIR%\123123\123.vbs
- %TEMP%\1.tmp\ivangog.bat
- %TEMP%\1.tmp\ivangog.bat