Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WinSock' = '%WINDIR%\Temp\winsock.exe'
- %TEMP%\gg.bat
- %TEMP%\nsp2.tmp\nsExec.dll
- %TEMP%\nsp2.tmp\ns3.tmp
- %TEMP%\nsp2.tmp\System.dll
- %TEMP%\nsp2.tmp\ns3.tmp
- %TEMP%\nsp2.tmp\nsExec.dll
- %TEMP%\nsp2.tmp\System.dll
- '%TEMP%\nsp2.tmp\ns3.tmp' "<SYSTEM32>\cmd.exe" /c if 1==1 "%TEMP%\gg.bat"
- '<SYSTEM32>\cmd.exe' /c if 1==1 "%TEMP%\gg.bat"