Техническая информация
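- [<HKLM>\SYSTEM\ControlSet001\Services\--] 'ImagePath' = '<Полный путь к файлу> /wl 1' (здесь «--» — буквальное имя службы, а не параметр командной строки; это же имя передаётся командам sc и net ниже)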
- %WINDIR%\Temp\nst9.tmp\aWYeLDfUfBp.dll
- %WINDIR%\Temp\nslB.tmp
- %WINDIR%\Temp\nst9.tmp\System.dll
- %WINDIR%\Temp\nst9.tmp\YECHOiWmLPrKyM.dll
- %WINDIR%\Temp\nst9.tmp\vcsIGzispWp.dll
- %WINDIR%\Temp\nsbC.tmp\System.dll
- %TEMP%\nsb5.tmp\brh.dll
- %TEMP%\nsb5.tmp\nsF.tmp
- %WINDIR%\Temp\nsbC.tmp\brh.dll
- %WINDIR%\Temp\nsbC.tmp\md5dll.dll
- %WINDIR%\Temp\nsbC.tmp\brh.dat
- %WINDIR%\Temp\nst9.tmp\siEQ.mp3
- %TEMP%\nsi2.tmp\System.dll
- %TEMP%\nsi2.tmp\aWYeLDfUfBp.dll
- %TEMP%\nsi2.tmp\vcsIGzispWp.dll
- %TEMP%\nsi2.tmp\siEQ.mp3
- %TEMP%\nsi2.tmp\YECHOiWmLPrKyM.dll
- %TEMP%\nsb5.tmp\System.dll
- %TEMP%\nsb5.tmp\ns6.tmp
- %TEMP%\nsb5.tmp\ns7.tmp
- %TEMP%\nsb5.tmp\nsExec.dll
- %TEMP%\nsb5.tmp\md5dll.dll
- %TEMP%\nsb5.tmp\brh.dat
- %WINDIR%\Temp\nsbC.tmp\brh.dat
- %WINDIR%\Temp\nst9.tmp\YECHOiWmLPrKyM.dll
- %WINDIR%\Temp\nst9.tmp\vcsIGzispWp.dll
- %WINDIR%\Temp\nsbC.tmp\brh.dll
- %TEMP%\nsb5.tmp\ns7.tmp
- %WINDIR%\Temp\nsbC.tmp\System.dll
- %WINDIR%\Temp\nsbC.tmp\md5dll.dll
- %TEMP%\nsi2.tmp\vcsIGzispWp.dll
- %TEMP%\nsi2.tmp\System.dll
- %TEMP%\nsi2.tmp\siEQ.mp3
- %TEMP%\nsi2.tmp\YECHOiWmLPrKyM.dll
- %WINDIR%\Temp\nst9.tmp\System.dll
- %WINDIR%\Temp\nst9.tmp\siEQ.mp3
- %TEMP%\nsb5.tmp\ns6.tmp
- '<Полный путь к файлу>' /wl 1
- '%TEMP%\nsb5.tmp\nsF.tmp' sc delete --
- '%TEMP%\nsb5.tmp\ns6.tmp' sc create -- binPath= ""<Полный путь к файлу>" /wl 1"
- '%TEMP%\nsb5.tmp\ns7.tmp' net start --
- '<SYSTEM32>\net1.exe' start --
- '<SYSTEM32>\sc.exe' delete --
- '<SYSTEM32>\sc.exe' create -- binPath= ""<Полный путь к файлу>" /wl 1"
- '<SYSTEM32>\net.exe' start --