Техническая информация
- '<SYSTEM32>\taskkill.exe' /f /im rundll32.exe
- %TEMP%\7ZipSfx.000\pRrRw.cmd
- %TEMP%\7ZipSfx.000\6yvqh.dll.zip
- %TEMP%\7ZipSfx.000\7za.dll
- %TEMP%\7ZipSfx.000\7za.exe
- %TEMP%\7ZipSfx.000\7zxa.dll
- %TEMP%\7ZipSfx.000\6yvqh.dll
- %TEMP%\7ZipSfx.000\6yvqh.dll в %APPDATA%\Mozilla\Mozilla.dll
- ClassName: '' WindowName: ''
- '%TEMP%\7ZipSfx.000\7za.exe' x -r -pgj,tlf,eltnpfyfvb "C:\DOCUME~1\%USERNAME%\LOCALS~1\Temp\7ZipSfx.000\6yvqh.dll.zip" -o"C:\DOCUME~1\%USERNAME%\LOCALS~1\Temp\7ZipSfx.000"
- '<SYSTEM32>\cmd.exe' /c ""C:\DOCUME~1\%USERNAME%\LOCALS~1\Temp\7ZipSfx.000\pRrRw.cmd" "
- '<SYSTEM32>\schtasks.exe' /Delete /tn "Tetemetry scheduled" /f
- '<SYSTEM32>\schtasks.exe' /delete /tn "Opera scheduled Autoupdate" /f
- '<SYSTEM32>\schtasks.exe' /delete /tn "Opera schedule Autoupdate" /f
- '<SYSTEM32>\schtasks.exe' /delete /tn "Opera" /f
- '<SYSTEM32>\schtasks.exe' /delete /tn "Windows fonts" /f
- '<SYSTEM32>\rundll32.exe' "6yvqh.dll",rui