Техническая информация
- C:\ProgramData\Windows86\vp8encoder.dll
- C:\ProgramData\Windows86\ovbv.vbs
- C:\ProgramData\Windows86\tllju.rar
- C:\ProgramData\Windows86\zzqvv.vbs
- C:\ProgramData\Windows86\vhefdy.bat
- C:\ProgramData\Windows86\tjghv.reg
- C:\ProgramData\Windows86\svchoot.exe
- C:\ProgramData\Windows86\javaserver.exe
- %ProgramFiles%\Company\SetUp\rand1.sfx.exe
- %ProgramFiles%\Company\SetUp\Новый .vbs
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- C:\ProgramData\Windows86\Rar.exe
- C:\ProgramData\Windows86\nwpw.bat
- C:\ProgramData\Windows\rand1.exe
- C:\ProgramData\Windows86\run.vbs
- %ProgramFiles%\Company\SetUp\rand1.sfx.exe
- C:\ProgramData\Windows86\tllju.rar
- C:\ProgramData\Windows86\zzqvv.vbs
- %TEMP%\$inst\temp_0.tmp
- ClassName: 'EDIT' WindowName: ''
- 'C:\ProgramData\Windows86\Rar.exe' e -p19895352 tllju.rar
- '<SYSTEM32>\wscript.exe' "C:\ProgramData\Windows86\ovbv.vbs"
- '<SYSTEM32>\wscript.exe' "C:\ProgramData\Windows86\zzqvv.vbs"
- '%ProgramFiles%\Company\SetUp\rand1.sfx.exe' -p777
- 'C:\ProgramData\Windows\rand1.exe'
- '<SYSTEM32>\cmd.exe' /c ""C:\ProgramData\Windows86\vhefdy.bat" "
- '<SYSTEM32>\attrib.exe' +s +h "C:\ProgramData\Windows86"
- '<SYSTEM32>\cmd.exe' /c ""C:\ProgramData\Windows86\nwpw.bat" "
- '<SYSTEM32>\wscript.exe' "%ProgramFiles%\Company\SetUp\Новый .vbs"