Техническая информация
Для обеспечения автозапуска и распространения:
Модифицирует следующие ключи реестра:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '{2MMBDOLM-PAS5-PDZM-5FNA-HABYUOKMGYKG}' = '"%APPDATA%\amd64_microsoft-windows-d..ne-dsdiag.resources_31bf3856ad364e35_10.0.16299.15_ru-ru...
Вредоносные функции:
Внедряет код в
следующие пользовательские процессы:
- logs.exe
Ищет следующие окна с целью
обнаружения утилит для анализа:
- ClassName: 'OLLYDBG', WindowName: ''
- ClassName: 'GBDYLLO', WindowName: ''
- ClassName: 'pediy06', WindowName: ''
- ClassName: 'FilemonClass', WindowName: ''
- ClassName: '', WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''
- ClassName: '', WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'RegmonClass', WindowName: ''
- ClassName: '', WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
Изменения в файловой системе:
Создает следующие файлы:
- C:\ProgramData\CopyPaste\hotcp.exe
- %ProgramFiles%\HotCopyPaste\Sound\is-GATCH.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-5A714.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-44JD3.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-VE9IB.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-LQLER.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-5LJSJ.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-KMQ4P.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-T37T9.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-S5CR7.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-MDTA2.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-GKQ9P.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-TVL9M.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-9PDKU.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-B2A3Q.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-ACB11.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-0L0VA.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-6FSJ7.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-VMJ82.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-1A542.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-UB22U.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-QAJ1B.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-22LP3.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-B6FQR.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-LIKHB.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-I2G1D.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-Q9R51.tmp
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Hot Copy Paste.lnk
- %ALLUSERSPROFILE%\Desktop\Hot Copy Paste.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\Hot Copy Paste\Uninstall Hot Copy Paste.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\Hot Copy Paste\Hot Copy Paste on the Web.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\Hot Copy Paste\Options.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\Hot Copy Paste\Hot Copy Paste Help.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\Hot Copy Paste\Hot Copy Paste.lnk
- %ProgramFiles%\HotCopyPaste\is-DVKUD.tmp
- %ProgramFiles%\HotCopyPaste\is-S6T79.tmp
- %ProgramFiles%\HotCopyPaste\is-B5TST.tmp
- %ProgramFiles%\HotCopyPaste\is-1556G.tmp
- %ProgramFiles%\HotCopyPaste\is-9L032.tmp
- %ProgramFiles%\HotCopyPaste\is-C9J6E.tmp
- %ProgramFiles%\HotCopyPaste\is-ESO5B.tmp
- %ProgramFiles%\HotCopyPaste\is-JB0NV.tmp
- %ProgramFiles%\HotCopyPaste\is-DAPDI.tmp
- %ProgramFiles%\HotCopyPaste\is-RMTGA.tmp
- %ProgramFiles%\HotCopyPaste\is-CR0CN.tmp
- %ProgramFiles%\HotCopyPaste\is-KCCIR.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-N9BT4.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-SDMB8.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-F50KA.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-D22NC.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-DCR03.tmp
- %ProgramFiles%\HotCopyPaste\unins000.msg
- %ProgramFiles%\HotCopyPaste\Sound\is-9I31U.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-7J4T4.tmp
- %ProgramFiles%\HotCopyPaste\Lang\is-NSU2R.tmp
- %ProgramFiles%\HotCopyPaste\Lang\is-D5C0E.tmp
- %ProgramFiles%\HotCopyPaste\Lang\is-FNAQ0.tmp
- %ProgramFiles%\HotCopyPaste\Lang\is-1VSKV.tmp
- %ProgramFiles%\HotCopyPaste\Lang\is-AQO00.tmp
- %ProgramFiles%\HotCopyPaste\Lang\is-MVNL8.tmp
- %ProgramFiles%\HotCopyPaste\Lang\is-P2KQO.tmp
- %ProgramFiles%\HotCopyPaste\Lang\is-I37S4.tmp
- %ProgramFiles%\HotCopyPaste\Lang\is-SD8SE.tmp
- %ProgramFiles%\HotCopyPaste\Lang\is-4HEJI.tmp
- %ProgramFiles%\HotCopyPaste\Lang\is-LJSQ4.tmp
- %ProgramFiles%\HotCopyPaste\Lang\is-N1BDE.tmp
- %ProgramFiles%\HotCopyPaste\Lang\is-5QV6C.tmp
- %ProgramFiles%\HotCopyPaste\is-EBI4H.tmp
- %TEMP%\is-QD6Q7.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-MN7FK.tmp\update.tmp
- C:\ProgramData\HPC\cert.vbs
- C:\ProgramData\HPC\logs.bat
- C:\ProgramData\HPC\update.exe
- C:\ProgramData\CopyPaste\logs.exe
- C:\ProgramData\CopyPaste\report.vbs
- C:\ProgramData\CopyPaste\cert.exe
- %ProgramFiles%\HotCopyPaste\Lang\is-4KEMR.tmp
- %ProgramFiles%\HotCopyPaste\Lang\is-LVK6S.tmp
- %ProgramFiles%\HotCopyPaste\Lang\is-CN5VQ.tmp
- %ProgramFiles%\HotCopyPaste\Lang\is-GUMQM.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-I1RM9.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-SNUSI.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-14UU2.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-KQRUE.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-B0NRU.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-6UTN3.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-R5O76.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-35GB8.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-O8BQA.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-QMMPP.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-IRKL4.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-OR3LR.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-0P9EK.tmp
- %ProgramFiles%\HotCopyPaste\Lang\is-KEIGR.tmp
- %ProgramFiles%\HotCopyPaste\Lang\is-5HQN4.tmp
- %ProgramFiles%\HotCopyPaste\Lang\is-G4LKE.tmp
- %ProgramFiles%\HotCopyPaste\Lang\is-UT2A5.tmp
- %ProgramFiles%\HotCopyPaste\Lang\is-9GCCH.tmp
- %ProgramFiles%\HotCopyPaste\Lang\is-E81GF.tmp
- %ProgramFiles%\HotCopyPaste\Lang\is-I1M1A.tmp
- %ProgramFiles%\HotCopyPaste\Lang\is-GAHI4.tmp
- %ProgramFiles%\HotCopyPaste\Lang\is-NKL14.tmp
- %ProgramFiles%\HotCopyPaste\Lang\is-T3AOC.tmp
- %ProgramFiles%\HotCopyPaste\Sound\is-DMOUI.tmp
- %ProgramFiles%\HotCopyPaste\unins000.dat
Присваивает атрибут 'скрытый' для следующих файлов:
- %APPDATA%\amd64_microsoft-windows-d..ne-dsdiag.resources_31bf3856ad364e35_10.0.16299.15_ru-ru_b16e4203bf8d9fd5\wcmapi.exe
Перемещает следующие файлы:
- %ProgramFiles%\HotCopyPaste\is-EBI4H.tmp в %ProgramFiles%\HotCopyPaste\unins000.exe
- %ProgramFiles%\HotCopyPaste\Sound\is-44JD3.tmp в %ProgramFiles%\HotCopyPaste\Sound\Switch8.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-VE9IB.tmp в %ProgramFiles%\HotCopyPaste\Sound\Switch7.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-LQLER.tmp в %ProgramFiles%\HotCopyPaste\Sound\Switch6.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-5LJSJ.tmp в %ProgramFiles%\HotCopyPaste\Sound\Switch5.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-KMQ4P.tmp в %ProgramFiles%\HotCopyPaste\Sound\Switch4.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-T37T9.tmp в %ProgramFiles%\HotCopyPaste\Sound\Switch3.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-S5CR7.tmp в %ProgramFiles%\HotCopyPaste\Sound\Switch2.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-MDTA2.tmp в %ProgramFiles%\HotCopyPaste\Sound\Switch1.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-22LP3.tmp в %ProgramFiles%\HotCopyPaste\Sound\Gurgle3.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-TVL9M.tmp в %ProgramFiles%\HotCopyPaste\Sound\Quiet8.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-9PDKU.tmp в %ProgramFiles%\HotCopyPaste\Sound\Quiet6.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-B2A3Q.tmp в %ProgramFiles%\HotCopyPaste\Sound\Quiet5.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-ACB11.tmp в %ProgramFiles%\HotCopyPaste\Sound\Quiet4.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-0L0VA.tmp в %ProgramFiles%\HotCopyPaste\Sound\Quiet3.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-6FSJ7.tmp в %ProgramFiles%\HotCopyPaste\Sound\Quiet2.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-VMJ82.tmp в %ProgramFiles%\HotCopyPaste\Sound\Quiet1.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-1A542.tmp в %ProgramFiles%\HotCopyPaste\Sound\Hammer.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-UB22U.tmp в %ProgramFiles%\HotCopyPaste\Sound\Gurgle5.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-B6FQR.tmp в %ProgramFiles%\HotCopyPaste\Sound\Quiet7.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-QAJ1B.tmp в %ProgramFiles%\HotCopyPaste\Sound\Gurgle4.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-5A714.tmp в %ProgramFiles%\HotCopyPaste\Sound\Switch9.wav
- %ProgramFiles%\HotCopyPaste\is-CR0CN.tmp в %ProgramFiles%\HotCopyPaste\hcp.url
- %ProgramFiles%\HotCopyPaste\is-S6T79.tmp в %ProgramFiles%\HotCopyPaste\License.rtf
- %ProgramFiles%\HotCopyPaste\is-B5TST.tmp в %ProgramFiles%\HotCopyPaste\hcp.chm
- %ProgramFiles%\HotCopyPaste\is-1556G.tmp в %ProgramFiles%\HotCopyPaste\hcpDeskBand64.dll
- %ProgramFiles%\HotCopyPaste\is-9L032.tmp в %ProgramFiles%\HotCopyPaste\hcpDeskBand.dll
- %ProgramFiles%\HotCopyPaste\is-C9J6E.tmp в %ProgramFiles%\HotCopyPaste\hcph.dll
- %ProgramFiles%\HotCopyPaste\is-ESO5B.tmp в %ProgramFiles%\HotCopyPaste\hcp.exe
- %ProgramFiles%\HotCopyPaste\is-JB0NV.tmp в %ProgramFiles%\HotCopyPaste\options.ico
- %ProgramFiles%\HotCopyPaste\is-DAPDI.tmp в %ProgramFiles%\HotCopyPaste\explorer.ico
- %ProgramFiles%\HotCopyPaste\Sound\is-GKQ9P.tmp в %ProgramFiles%\HotCopyPaste\Sound\Type2.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-GATCH.tmp в %ProgramFiles%\HotCopyPaste\Sound\Type1.wav
- %ProgramFiles%\HotCopyPaste\is-KCCIR.tmp в %ProgramFiles%\HotCopyPaste\COptions.exe
- %ProgramFiles%\HotCopyPaste\Sound\is-N9BT4.tmp в %ProgramFiles%\HotCopyPaste\Sound\Type9.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-SDMB8.tmp в %ProgramFiles%\HotCopyPaste\Sound\Type8.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-F50KA.tmp в %ProgramFiles%\HotCopyPaste\Sound\Type7.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-D22NC.tmp в %ProgramFiles%\HotCopyPaste\Sound\Type6.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-Q9R51.tmp в %ProgramFiles%\HotCopyPaste\Sound\Type5.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-I2G1D.tmp в %ProgramFiles%\HotCopyPaste\Sound\Type4.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-LIKHB.tmp в %ProgramFiles%\HotCopyPaste\Sound\Type3.wav
- %ProgramFiles%\HotCopyPaste\is-RMTGA.tmp в %ProgramFiles%\HotCopyPaste\uninstall.ico
- %ProgramFiles%\HotCopyPaste\Sound\is-DCR03.tmp в %ProgramFiles%\HotCopyPaste\Sound\Gurgle2.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-9I31U.tmp в %ProgramFiles%\HotCopyPaste\Sound\Gurgle1.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-DMOUI.tmp в %ProgramFiles%\HotCopyPaste\Sound\Ding2.wav
- %ProgramFiles%\HotCopyPaste\Lang\is-GUMQM.tmp в %ProgramFiles%\HotCopyPaste\Lang\lv.txt
- %ProgramFiles%\HotCopyPaste\Lang\is-CN5VQ.tmp в %ProgramFiles%\HotCopyPaste\Lang\ko.txt
- %ProgramFiles%\HotCopyPaste\Lang\is-LVK6S.tmp в %ProgramFiles%\HotCopyPaste\Lang\it.txt
- %ProgramFiles%\HotCopyPaste\Lang\is-LJSQ4.tmp в %ProgramFiles%\HotCopyPaste\Lang\hu.txt
- %ProgramFiles%\HotCopyPaste\Lang\is-NSU2R.tmp в %ProgramFiles%\HotCopyPaste\Lang\hr.txt
- %ProgramFiles%\HotCopyPaste\Lang\is-D5C0E.tmp в %ProgramFiles%\HotCopyPaste\Lang\gr.txt
- %ProgramFiles%\HotCopyPaste\Lang\is-FNAQ0.tmp в %ProgramFiles%\HotCopyPaste\Lang\fr.txt
- %ProgramFiles%\HotCopyPaste\Lang\is-NKL14.tmp в %ProgramFiles%\HotCopyPaste\Lang\pt.txt
- %ProgramFiles%\HotCopyPaste\Lang\is-1VSKV.tmp в %ProgramFiles%\HotCopyPaste\Lang\es.txt
- %ProgramFiles%\HotCopyPaste\Lang\is-MVNL8.tmp в %ProgramFiles%\HotCopyPaste\Lang\du.txt
- %ProgramFiles%\HotCopyPaste\Lang\is-P2KQO.tmp в %ProgramFiles%\HotCopyPaste\Lang\dk.txt
- %ProgramFiles%\HotCopyPaste\Lang\is-I37S4.tmp в %ProgramFiles%\HotCopyPaste\Lang\de.txt
- %ProgramFiles%\HotCopyPaste\Lang\is-SD8SE.tmp в %ProgramFiles%\HotCopyPaste\Lang\cz.txt
- %ProgramFiles%\HotCopyPaste\Lang\is-4HEJI.tmp в %ProgramFiles%\HotCopyPaste\Lang\cn.txt
- %ProgramFiles%\HotCopyPaste\Lang\is-N1BDE.tmp в %ProgramFiles%\HotCopyPaste\Lang\bg.txt
- %ProgramFiles%\HotCopyPaste\Lang\is-4KEMR.tmp в %ProgramFiles%\HotCopyPaste\Lang\be.txt
- %ProgramFiles%\HotCopyPaste\Lang\is-5QV6C.tmp в %ProgramFiles%\HotCopyPaste\Lang\ar.txt
- %ProgramFiles%\HotCopyPaste\Lang\is-AQO00.tmp в %ProgramFiles%\HotCopyPaste\Lang\en.txt
- %ProgramFiles%\HotCopyPaste\Lang\is-GAHI4.tmp в %ProgramFiles%\HotCopyPaste\Lang\ru.txt
- %ProgramFiles%\HotCopyPaste\Lang\is-T3AOC.tmp в %ProgramFiles%\HotCopyPaste\Lang\pl.txt
- %ProgramFiles%\HotCopyPaste\Lang\is-I1M1A.tmp в %ProgramFiles%\HotCopyPaste\Lang\se.txt
- %ProgramFiles%\HotCopyPaste\Sound\is-7J4T4.tmp в %ProgramFiles%\HotCopyPaste\Sound\Ding1.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-O8BQA.tmp в %ProgramFiles%\HotCopyPaste\Sound\Beep5.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-I1RM9.tmp в %ProgramFiles%\HotCopyPaste\Sound\Click.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-SNUSI.tmp в %ProgramFiles%\HotCopyPaste\Sound\Clear2.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-14UU2.tmp в %ProgramFiles%\HotCopyPaste\Sound\Clear1.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-KQRUE.tmp в %ProgramFiles%\HotCopyPaste\Sound\Cashreg.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-B0NRU.tmp в %ProgramFiles%\HotCopyPaste\Sound\Camera.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-6UTN3.tmp в %ProgramFiles%\HotCopyPaste\Sound\Beep8.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-R5O76.tmp в %ProgramFiles%\HotCopyPaste\Sound\Beep7.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-35GB8.tmp в %ProgramFiles%\HotCopyPaste\Sound\Beep6.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-QMMPP.tmp в %ProgramFiles%\HotCopyPaste\Sound\Beep4.wav
- %ProgramFiles%\HotCopyPaste\Lang\is-E81GF.tmp в %ProgramFiles%\HotCopyPaste\Lang\sk.txt
- %ProgramFiles%\HotCopyPaste\Sound\is-IRKL4.tmp в %ProgramFiles%\HotCopyPaste\Sound\Beep3.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-OR3LR.tmp в %ProgramFiles%\HotCopyPaste\Sound\Beep2.wav
- %ProgramFiles%\HotCopyPaste\Sound\is-0P9EK.tmp в %ProgramFiles%\HotCopyPaste\Sound\Beep1.wav
- %ProgramFiles%\HotCopyPaste\Lang\is-KEIGR.tmp в %ProgramFiles%\HotCopyPaste\Lang\ua.txt
- %ProgramFiles%\HotCopyPaste\Lang\is-5HQN4.tmp в %ProgramFiles%\HotCopyPaste\Lang\tw.txt
- %ProgramFiles%\HotCopyPaste\Lang\is-G4LKE.tmp в %ProgramFiles%\HotCopyPaste\Lang\tr.txt
- %ProgramFiles%\HotCopyPaste\Lang\is-UT2A5.tmp в %ProgramFiles%\HotCopyPaste\Lang\sr.txt
- %ProgramFiles%\HotCopyPaste\Lang\is-9GCCH.tmp в %ProgramFiles%\HotCopyPaste\Lang\sl.txt
- %ProgramFiles%\HotCopyPaste\is-DVKUD.tmp в %ProgramFiles%\HotCopyPaste\changes.rtf
- C:\ProgramData\CopyPaste\cert.exe в %APPDATA%\amd64_microsoft-windows-d..ne-dsdiag.resources_31bf3856ad364e35_10.0.16299.15_ru-ru_b16e4203bf8d9fd5\wcmapi.exe
Сетевая активность:
UDP:
- DNS ASK ip###ger.org
Другое:
Ищет следующие окна:
- ClassName: 'EDIT' WindowName: ''
- ClassName: '18467-41' WindowName: ''
Создает и запускает на исполнение:
- '<SYSTEM32>\wscript.exe' "C:\ProgramData\CopyPaste\report.vbs"
- 'C:\ProgramData\CopyPaste\logs.exe'
- 'C:\ProgramData\CopyPaste\hotcp.exe'
- 'C:\ProgramData\CopyPaste\cert.exe'
- '<SYSTEM32>\wscript.exe' "C:\ProgramData\HPC\cert.vbs"
- 'C:\ProgramData\HPC\update.exe' /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
- '%TEMP%\is-MN7FK.tmp\update.tmp' /SL5="$30106,4830631,186880,C:\ProgramData\HPC\update.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
- '%APPDATA%\amd64_microsoft-windows-d..ne-dsdiag.resources_31bf3856ad364e35_10.0.16299.15_ru-ru_b16e4203bf8d9fd5\wcmapi.exe'
Запускает на исполнение:
- '<SYSTEM32>\cmd.exe' /c ""C:\ProgramData\HPC\logs.bat" "
- '<SYSTEM32>\regsvr32.exe' /s hcpDeskBand.dll
