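Техническая информация
(Подзаголовки разделов в этом тексте не сохранились. По форме записей ниже различимы три группы: пути к файлам, классы и заголовки окон, командные строки запускаемых процессов; какое именно действие — создание, удаление или запуск — относится к каждому пути, из текста установить нельзя.)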
- %WINDIR%\Explorer.EXE
- %TEMP%\bt3228.bat
- %TEMP%\bt3228.bat
- ClassName: 'Proxy Desktop' WindowName: ''
- ClassName: 'BaseBar' WindowName: 'ChanApp'
- ClassName: 'OleMainThreadWndClass' WindowName: ''
- ClassName: 'SystemTray_Main' WindowName: ''
- ClassName: 'CSCHiddenWindow' WindowName: ''
- '<SYSTEM32>\cmd.exe' /c %TEMP%\bt3228.bat
- '<SYSTEM32>\tskill.exe' explorer
- '%WINDIR%\explorer.exe'
- '<SYSTEM32>\rundll32.exe' fldrclnr.dll,Wizard_RunDLL
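- '<SYSTEM32>\shutdown.exe' -s -t 240 -c "its not virus,you have 4 minutes to freeze the shutdown process"
  (Параметр -t 240 задаёт задержку 240 секунд, то есть те самые 4 минуты из текста сообщения; запланированное завершение работы отменяется командой shutdown -a.)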