Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ashiyane' = '%TEMP%\command.bat'
- '<SYSTEM32>\reg.exe' add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v ashiyane /d %TEMP%\command.bat
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "nc.exe" program enable
- %TEMP%\2800EIJ5.bat
- %TEMP%\2800EIJ5.bat
- %TEMP%\2800EIJ5.bat
- ClassName: 'Indicator' WindowName: '(null)'