Техническая информация
- %WINDIR%\Tasks\ModuleICO.job
- %HOMEPATH%\Start Menu\Programs\Startup\OfficeSetting.lnk
- %TEMP%\7ZipSfx.000\delsold.cmd
- %TEMP%\7ZipSfx.000\sosun.cmd
- %TEMP%\7ZipSfx.000\setup.dll
- %WINDIR%\Microsoft\Office\Module\ModuleICO.exe
- %TEMP%\7ZipSfx.001\downspreads.cmd
- %TEMP%\7ZipSfx.001\updates.cmd
- %TEMP%\7ZipSfx.001\OfficeModule.exe
- из %TEMP%\7ZipSfx.000\sosun.cmd в %TEMP%\7ZipSfx.000\DHKDJ.cmd
- '%WINDIR%\Microsoft\Office\Module\ModuleICO.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\7ZipSfx.000\delsold.cmd" "
- '<SYSTEM32>\cmd.exe' /S /D /c" ver "
- '<SYSTEM32>\find.exe' /i "5.1"
- '<SYSTEM32>\cmd.exe' /c tasklist /FI "IMAGENAME eq ModuleICO.exe" | find /C "ModuleICO.exe"
- '<SYSTEM32>\tasklist.exe' /FI "IMAGENAME eq ModuleICO.exe"
- '<SYSTEM32>\find.exe' /C "ModuleICO.exe"
- '<SYSTEM32>\schtasks.exe' /Create /sc MINUTE /mo 12 /ru "SYSTEM" /tn ModuleICO /tr "%WINDIR%\Microsoft\Office\Module\ModuleICO.exe"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\7ZipSfx.001\downspreads.cmd" "
- '<SYSTEM32>\mshta.exe' vbscript:Execute("Set x=CreateObject(""WScript.Shell""):Set y=x.CreateShortcut(x.SpecialFolders(""Startup"")+""\OfficeSetting.lnk""):y.TargetPath=""%WINDIR%\Microsoft\Office\Module\ModuleICO.ex...
- '<SYSTEM32>\reg.exe' QUERY "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Hidden
- '<SYSTEM32>\find.exe' "0x2"