Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Nationaljrq] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Nationaljrq] 'ImagePath' = '<SYSTEM32>\nahxas.exe'
- 'Nationaljrq' <SYSTEM32>\nahxas.exe
- %WINDIR%\syswow64\nahxas.exe
- C:\3447.vbs
- %WINDIR%\syswow64\nahxas.exe
- C:\3447.vbs
- from <Full path to file> to fuck360
- '<LOCALNET>.0.100':80
- '%WINDIR%\syswow64\nahxas.exe'
- '%WINDIR%\syswow64\wscript.exe' "C:\3447.vbs"
- '%WINDIR%\syswow64\wscript.exe' "C:\3447.vbs"' (with hidden window)