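Техническая информация
Заголовки подразделов в этой выдержке не сохранились. Строки 2–21 списка — это пути к файлам, строка с ClassName/WindowName описывает параметры окна, а остальные строки — командные строки процессов; обозначение <SYSTEM32>, по-видимому, заменяет путь к системному каталогу Windows. Повторяющиеся пути, вероятно, относятся к разным подразделам исходного отчёта, поэтому по самому списку нельзя определить, какое действие выполнялось с каждым файлом.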
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\SSVK.exe
- C:\ProgramData\Windows64\812.cmd
- C:\ProgramData\Windows64\812.vbs
- C:\ProgramData\Windows64\c.cmd
- C:\ProgramData\Windows64\c.vbs
- C:\ProgramData\Windows64\e.cmd
- C:\ProgramData\Windows64\e.vbs
- %HOMEPATH%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
- C:\ProgramData\Windows64\Host.exe
- %TEMP%\$inst\0001.tmp
- C:\ProgramData\Windows64\r.cmd
- C:\ProgramData\Windows64\r.vbs
- %HOMEPATH%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk
- C:\ProgramData\Windows64\TaskService.exe
- C:\ProgramData\Windows64\TaskService.exe
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\0001.tmp
- %TEMP%\$inst\2.tmp
- ClassName: 'EDIT' WindowName: ''
- '<SYSTEM32>\wscript.exe' "C:\ProgramData\Windows64\812.vbs"
- 'C:\ProgramData\Windows64\Host.exe' -p812 -dC:\ProgramData\Windows64
- '<SYSTEM32>\wscript.exe' "C:\ProgramData\Windows64\c.vbs"
- '<SYSTEM32>\wscript.exe' "C:\ProgramData\Windows64\e.vbs"
- '<SYSTEM32>\cmd.exe' /c ""C:\ProgramData\Windows64\812.cmd" "
- '<SYSTEM32>\attrib.exe' +h +s C:\ProgramData\Windows64
- '<SYSTEM32>\cmd.exe' /c ""C:\ProgramData\Windows64\c.cmd" "
- '<SYSTEM32>\tasklist.exe' /FI "ImageName EQ TaskService.exe "
- '<SYSTEM32>\find.exe' /I "TaskService.exe "
- '<SYSTEM32>\cmd.exe' /c ""C:\ProgramData\Windows64\e.cmd" "
- '<SYSTEM32>\tasklist.exe' /FI "ImageName EQ Taskmgr.exe "
- '<SYSTEM32>\find.exe' /I "Taskmgr.exe "