Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\avtozapusk.lnk
- '<SYSTEM32>\wscript.exe' "C:\ProgramData\system86\check.vbs"
- '<SYSTEM32>\wscript.exe' "C:\ProgramData\system86\delete.vbs"
- '<SYSTEM32>\wscript.exe' "C:\ProgramData\system86\avtozapusk.vbs"
- '<SYSTEM32>\cmd.exe' /c ""C:\ProgramData\system86\check.cmd" "
- '<SYSTEM32>\cmd.exe' /c tasklist /NH /FI "IMAGENAME eq SecurityHost.exe"
- '<SYSTEM32>\tasklist.exe' /NH /FI "IMAGENAME eq SecurityHost.exe"
- '<SYSTEM32>\cmd.exe' /c ""C:\ProgramData\system86\delete.cmd" "
- '<SYSTEM32>\tasklist.exe' /FI "ImageName EQ taskmgr.exe"
- '<SYSTEM32>\find.exe' /I "taskmgr.exe"
- C:\ProgramData\system86\check.vbs
- C:\ProgramData\system86\avtozapusk.vbs
- C:\ProgramData\system86\start.vbs
- C:\ProgramData\system86\delete.vbs
- C:\ProgramData\system86\start.lnk
- C:\ProgramData\system86\delete.cmd
- C:\ProgramData\system86\check.cmd
- C:\ProgramData\system86\SecurityHost.exe
- C:\ProgramData\system86\start.cmd
- ClassName: 'EDIT' WindowName: ''