Техническая информация
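- Закрепление в системе (автозапуск при входе пользователя): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Services' = '%APPDATA%\0.bat'. Имя параметра похоже на системное, но указывает на пакетный файл в каталоге профиля пользователя; запись создаётся командой reg.exe add, приведённой ниже.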
- '<SYSTEM32>\attrib.exe' +h +r +s "%APPDATA%\0.bat"
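- '<SYSTEM32>\sc.exe' create Niglet binpath="%APPDATA%\0.bat"
- '<SYSTEM32>\sc.exe' start Niglet
  (Примечание: эти две команды регистрируют и запускают службу Niglet, у которой в качестве исполняемого файла указан тот же 0.bat. Служба, чей binpath ведёт на пакетный файл в %APPDATA%, — заметный признак для обнаружения.)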
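- '<SYSTEM32>\net1.exe' stop "Windows Defender Service"
- '<SYSTEM32>\net.exe' stop "Windows Defender Service"
  (Примечание: обе записи — попытка остановить службу Windows Defender, то есть отключить защиту. net.exe обычно сам запускает net1.exe, поэтому это, вероятно, одно действие, а не два.)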
- '<SYSTEM32>\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Services" /t "REG_SZ" /d "%APPDATA%\0.bat"
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %APPDATA%\1.png
- '<SYSTEM32>\cmd.exe' /c ""%APPDATA%\0.bat" "
- '<SYSTEM32>\attrib.exe' +h +r +s lola.bat
- '<SYSTEM32>\cmd.exe' /K lola.bat
- '<SYSTEM32>\cmd.exe' /c ""%APPDATA%\2.bat" "
- <Текущая директория>\lola.bat
- %APPDATA%\2.bat
- %APPDATA%\0.bat
- %APPDATA%\1.png
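- %APPDATA%\0.bat
- <Текущая директория>\lola.bat
  (Примечание: пути 0.bat и lola.bat повторяются; заголовки разделов исходного отчёта, по-видимому, утрачены. Судя по командам attrib +h +r +s выше, последние две записи, вероятно, относятся к файлам, которым присвоены атрибуты «скрытый», «только чтение» и «системный».)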
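- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
  (Примечание: заголовок раздела утрачен; вероятно, это окна, которые образец ищет. Shell_TrayWnd — класс окна панели задач Windows; ShImgVw:CPreviewWnd, судя по имени, — окно просмотра изображений из shimgvw.dll, которая выше запускается через rundll32.exe для показа 1.png.)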