Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\home] 'ImagePath' = 'C:\BB\nssm.exe'
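- [<HKLM>\SYSTEM\ControlSet001\Services\home] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы; вместе с 'ImagePath' выше это закрепление в системе через службу «home»)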
- C:\BB\upload.bat
- %TEMP%\run.bat
- %TEMP%\upload.txt
- C:\BB\6.txt
- C:\BB\7.txt
- C:\BB\nssm.exe
- %TEMP%\8.vbs
- %TEMP%\1.exe
- %TEMP%\1.bat
- %TEMP%\nssm.txt
- %TEMP%\7.txt
- %TEMP%\6.txt
- ClassName: 'EDIT' WindowName: ''
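- 'C:\BB\nssm.exe' install home "C:\BB\upload.bat" start= system (nssm.exe — легитимная утилита NSSM для управления службами; здесь она регистрирует службу «home», запускающую upload.bat)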
- '<SYSTEM32>\wscript.exe' "%TEMP%\8.vbs"
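- '%TEMP%\1.exe' -d%HOMEPATH%\Local Settings\Temp -p303 (предположительно самораспаковывающийся архив: -d похоже на каталог распаковки, -p — на пароль; требует подтверждения при анализе образца)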
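- '<SYSTEM32>\ping.exe' -n 2 127.1
- '<SYSTEM32>\ping.exe' -n 1 127.1 (127.1 — сокращённая запись 127.0.0.1; вызовы ping на локальный адрес, вероятно, служат паузой между шагами пакетного сценария)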
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\run.bat" "