Техническая информация
- '<SYSTEM32>\taskkill.exe' /f /im ModuleICO.exe
- %TEMP%\7ZipSfx.000\delsold.cmd
- %TEMP%\7ZipSfx.000\sosun.cmd
- %TEMP%\7ZipSfx.000\setup.dll
- %APPDATA%\Microsoft\Office\Module\ModuleICO.exe
- %TEMP%\7ZipSfx.001\downspreads.cmd
- %TEMP%\7ZipSfx.001\updates.cmd
- %TEMP%\7ZipSfx.001\OfficeModule.exe
- ClassName: '' WindowName: ''
- '%APPDATA%\Microsoft\Office\Module\ModuleICO.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\7ZipSfx.000\delsold.cmd" "
- '<SYSTEM32>\cmd.exe' /c tasklist /FI "IMAGENAME eq ModuleICO.exe" | find /C "ModuleICO.exe"
- '<SYSTEM32>\tasklist.exe' /FI "IMAGENAME eq ModuleICO.exe"
- '<SYSTEM32>\find.exe' /C "ModuleICO.exe"
- '<SYSTEM32>\schtasks.exe' /Create /SC MINUTE /MO 12 /F /tn ModuleICO /tr "%APPDATA%\Microsoft\Office\Module\ModuleICO.exe"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\7ZipSfx.001\downspreads.cmd" "
- '<SYSTEM32>\cmd.exe' /c vol c: