Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '' = 'C:\.vbs'
- <SYSTEM32>\wscript.exe "C:\.vbs"
- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /ve /d "C:\.vbs" /f
- C:\.vbs
- %TEMP%\2448CA1A.Bat
- %TEMP%\2448CA1A.Bat
- '11#.#18.181.150':6080
- 'localhost':1035
- ClassName: 'Shell_TrayWnd' WindowName: ''