Техническая информация
- [<HKCU>\software\microsoft\windows\currentversion\run] 'bootstartup' = '%HOMEPATH%\boot-startup.vbs'
- %HOMEPATH%\node.exe
- %HOMEPATH%\new_script.txt
- %HOMEPATH%\shell.bat
- %HOMEPATH%\boot-startup.vbs
- C:\users\public\explorer.exe
- %HOMEPATH%\boot-startup.vbs
- %HOMEPATH%\shell.bat
- 'ma####ts.ddns.net':4444
- DNS ASK ma####ts.ddns.net
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "%HOMEPATH%\boot-startup.vbs"
- '%HOMEPATH%\node.exe' new_script.txt
- 'C:\users\public\explorer.exe'
- '%WINDIR%\syswow64\cmd.exe' /c cd %HOMEPATH% & attrib +s +h +a *.vbs & attrib +s +h +a *.bat & reg add Hkey_CURRENT_USER\software\microsoft\windows\currentversion\run /v bootstartup /t reg_sz /d %HOMEPATH%\boot-startup.vb... (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /s /c "%systemdrive%\Users\Public\explorer.exe" (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c cd %HOMEPATH% & attrib +s +h +a *.vbs & attrib +s +h +a *.bat & reg add Hkey_CURRENT_USER\software\microsoft\windows\currentversion\run /v bootstartup /t reg_sz /d %HOMEPATH%\boot-startup.vb...
- '%WINDIR%\syswow64\attrib.exe' +s +h +a *.vbs
- '%WINDIR%\syswow64\attrib.exe' +s +h +a *.bat
- '%WINDIR%\syswow64\reg.exe' add Hkey_CURRENT_USER\software\microsoft\windows\currentversion\run /v bootstartup /t reg_sz /d %HOMEPATH%\boot-startup.vbs /f
- '%WINDIR%\syswow64\cmd.exe' /s /c "%systemdrive%\Users\Public\explorer.exe"