Техническая информация
- '<SYSTEM32>\attrib.exe' +s +h +r "%WINDIR%/ip.exe"
- '<SYSTEM32>\attrib.exe' +s +h +r "%WINDIR%/System32/svсhost.exe"
- '<SYSTEM32>\attrib.exe' +s +h +r "%WINDIR%/SysWOW64/svсhost.exe"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\7ZSfx000.cmd" "
- '<SYSTEM32>\wscript.exe' "%TEMP%\start.js"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\install.cmd" "
- '<SYSTEM32>\chcp.com' 1251
- %WINDIR%\ip.exe
- <SYSTEM32>\svсhost.exe
- %TEMP%\ip.exe
- %TEMP%\7ZSfx000.cmd
- <SYSTEM32>\ultravnc.ini
- <SYSTEM32>\instsrv.exe
- <SYSTEM32>\srvany.exe
- <SYSTEM32>\vnchooks.dll
- <SYSTEM32>\camsvc.exe
- %TEMP%\ultravnc.ini
- %TEMP%\install.cmd
- %TEMP%\start.js
- %TEMP%\camsv.reg
- %TEMP%\camsvc.exe
- %TEMP%\svсhost.exe
- %TEMP%\vnchooks.dll
- %TEMP%\instsrv.exe
- %TEMP%\srvany.exe
- <SYSTEM32>\svсhost.exe
- %WINDIR%\ip.exe
- %TEMP%\7ZSfx000.cmd
- %TEMP%\start.js