Техническая информация
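- %HOMEPATH%\start menu\programs\startup\dllm.js
- %HOMEPATH%\start menu\programs\startup\setup.js (оба файла находятся в папке автозагрузки пользователя, то есть запускаются при каждом входе в систему)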
- %TEMP%\setup.exe
- %TEMP%\dllm.js
- %TEMP%\setup.js
- %TEMP%\dup2patcher.dll
- %TEMP%\dllm.vbs
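- http://www.m9#.net/uploads/15621655811.jpg
- DNS ASK m9#.net (символ «#» недопустим в имени домена; по-видимому, часть имени скрыта в источнике, поэтому для поиска по журналам DNS и прокси нужен полный домен, которого на странице нет)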
- ClassName: 'EDIT' WindowName: ''
- '<SYSTEM32>\wscript.exe' "%TEMP%\setup.js"
- '<SYSTEM32>\wscript.exe' "%TEMP%\dllm.js"
- '%TEMP%\setup.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\dllm.vbs"
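- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 1 /tn anydesk /tr "%TEMP%\setup.js' (со скрытым окном) — создаёт задачу планировщика с именем «anydesk», которая каждую минуту запускает %TEMP%\setup.js; имя задачи совпадает с названием легитимной программы, поэтому проверять следует действие задачи, а не её имя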
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 1 /tn anydesk /tr "%TEMP%\setup.js