Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'hollan' = '<SYSTEM32>\haxer.vbs'
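- '<SYSTEM32>\tskill.exe' lsass.exe — принудительное завершение критического системного процесса LSASS; как правило, это приводит к аварийной перезагрузке Windows, поэтому запуск tskill.exe с аргументом lsass.exe стоит отслеживать в журналах создания процессов.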
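- '<SYSTEM32>\reg.exe' add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "hollan" /d "<SYSTEM32>\haxer.vbs" — эта команда создаёт параметр автозапуска 'hollan' в ключе Run (см. запись реестра выше), чтобы haxer.vbs запускался при входе пользователя в систему.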
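- '<SYSTEM32>\attrib.exe' +h %TEMP%\ztmp — присваивает атрибут «скрытый» каталогу %TEMP%\ztmp, в котором размещаются перечисленные ниже файлы tmp*.exe и tmp*.bat.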
- <SYSTEM32>\haxer.vbs
- %TEMP%\ztmp\tmp54371.exe
- %TEMP%\ztmp\tmp20571.bat
- %TEMP%\ztmp\tmp54371.exe