Technical information
- [<HKLM>\System\CurrentControlSet\Services\bs_syslkjhgf] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\bs_syslkjhgf] 'ImagePath' = '<SYSTEM32>\bs_serverlkjhgfd.exe'
- 'bs_syslkjhgf' <SYSTEM32>\bs_serverlkjhgfd.exe
- %WINDIR%\syswow64\bs_serverlkjhgfd.exe
- %WINDIR%\syswow64\bs_serverlkjhgfd.txt
- C:\del.bat
- %WINDIR%\syswow64\bs_serverlkjhgfd.txt to %WINDIR%\syswow64\bs_serverlkjhgfd.exe
- %WINDIR%\syswow64\bs_serverlkjhgfd.txt
- '%WINDIR%\syswow64\bs_serverlkjhgfd.exe'
- '%WINDIR%\syswow64\cmd.exe' /c c:\del.bat' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c c:\del.bat