Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'scrss' = '<SYSTEM32>\config\scrss.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '<SYSTEM32>\config\smss.lnk'
- <SYSTEM32>\config\network.exe
- <SYSTEM32>\reg.exe delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v MSConfig
- <SYSTEM32>\reg.exe add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v scrss /t REG_SZ /d <SYSTEM32>\config\scrss.exe
- <SYSTEM32>\reg.exe add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v svchost /t REG_SZ /d <SYSTEM32>\config\smss.lnk
- <SYSTEM32>\config\scrss.exe
- <SYSTEM32>\config\svchost.exe
- <SYSTEM32>\config\smss.lnk
- <SYSTEM32>\config\network.exe
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'ConsoleWindowClass' WindowName: ''