Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\NTService] 'Start' = '00000002'
- %WINDIR%\Drives\NTService.exe
- %WINDIR%\Drives\NTServiceCtrl.exe
- <SYSTEM32>\xcopy.exe /s /h \*.ppt c:\recycler\cache\
- <SYSTEM32>\xcopy.exe /s /h \*.xls c:\recycler\cache\
- <SYSTEM32>\xcopy.exe /s /h \*.txt* c:\recycler\cache\
- <SYSTEM32>\xcopy.exe /s /h A:\*.zip* c:\recycler\cache\
- <SYSTEM32>\xcopy.exe /s /h \*.doc* c:\recycler\cache\
- <SYSTEM32>\xcopy.exe /s /h \*.pptx c:\recycler\cache\
- <SYSTEM32>\xcopy.exe /s /h \*.xlsx c:\recycler\cache\
- <SYSTEM32>\xcopy.exe /s /h \*.docx c:\recycler\cache\
- <SYSTEM32>\xcopy.exe /s /h \*.inp c:\recycler\cache\
- <SYSTEM32>\xcopy.exe /s /h \*.pdf c:\recycler\cache\
- <SYSTEM32>\xcopy.exe /s /h A:\*.xlsx c:\recycler\cache\
- <SYSTEM32>\xcopy.exe /s /h A:\*.txt* c:\recycler\cache\
- <SYSTEM32>\xcopy.exe /s /h A:\*.ppt c:\recycler\cache\
- <SYSTEM32>\xcopy.exe /s /h A:\*.doc* c:\recycler\cache\
- <SYSTEM32>\wscript.exe "%WINDIR%\Drives\run.vbs"
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\Drives\run.bat" "
- <SYSTEM32>\xcopy.exe /s /h A:\*.docx c:\recycler\cache\
- <SYSTEM32>\xcopy.exe /s /h A:\*.pptx c:\recycler\cache\
- <SYSTEM32>\xcopy.exe /s /h A:\*.pdf c:\recycler\cache\
- <SYSTEM32>\xcopy.exe /s /h A:\*.xls c:\recycler\cache\
- <SYSTEM32>\xcopy.exe /s /h A:\*.inp c:\recycler\cache\
- <SYSTEM32>\xcopy.exe
- %WINDIR%\Drives\run.vbs
- %WINDIR%\Drives\NTService.exe
- %WINDIR%\Drives\NTServiceCtrl.exe
- %WINDIR%\Drives\run.bat
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''