Техническая информация
- '<SYSTEM32>\cmd.exe' /c attrib +s +h C:\BOOTNXT.sys
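- '<SYSTEM32>\schtasks.exe' /Create /Sc ONLOGON /tn \Microsoft\Windows\Location\ServiceOn /tr "%WINDIR%\svchost.exe C:\BOOTNXT.sys"
  (Задача с триггером ONLOGON запускается при входе пользователя в систему, то есть служит для закрепления в системе. Указанный в ней svchost.exe находится в %WINDIR%, тогда как штатный svchost.exe расположен в <SYSTEM32>; имя задачи помещено в ветку \Microsoft\Windows\, где лежат системные задачи.)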
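- '<SYSTEM32>\attrib.exe' +s +h C:\BOOTNXT.sys
  (Ключи +s и +h присваивают файлу атрибуты «системный» и «скрытый», из-за чего он не отображается в Проводнике при настройках по умолчанию.)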
- '%ProgramFiles%\Windows NT\Accessories\wordpad.exe' "C:\AMD\x.doc"
- '<SYSTEM32>\cmd.exe' /c SCHTASKS /Create /Sc ONLOGON /tn \Microsoft\Windows\Location\ServiceOn /tr "%WINDIR%\svchost.exe C:\BOOTNXT.sys"
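- '<SYSTEM32>\mshta.exe' %WINDIR%\Installer\App.dll
  (mshta.exe — штатный интерпретатор HTML-приложений; передача ему файла с расширением .dll нетипична и, вероятно, означает, что под этим именем хранится сценарий, а не библиотека.)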
- C:\BOOTNXT.sys
- %WINDIR%\Installer\App.dll
- C:\AMD\x.doc
- %WINDIR%\svchost.exe
- C:\BOOTNXT.sys
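- 'ni####.duckdns.org':8090
  (Часть символов в сетевых адресах заменена в отчёте знаками #, поэтому полный индикатор по этим строкам восстановить нельзя; для поиска в журналах остаются видимая часть имени, домен duckdns.org и порт 8090.)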
- '18#.#2.220.177':8090
- 'localhost':1038
- 'ni###.duckdns.org':8090
- DNS ASK ni####.duckdns.org
- DNS ASK ni###.duckdns.org
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'WordPadClass' WindowName: ''