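Техническая информация
Заголовки разделов в этом фрагменте не сохранились. По виду записей список содержит командные строки процессов (taskkill.exe, wscript.exe, cmd.exe, rundll32.exe, explorer.exe), пути к файлам в каталоге %TEMP%\updateW и пары «класс окна / заголовок окна». <SYSTEM32>, %WINDIR% и %TEMP% — обозначения системных каталогов, а не буквальные пути. Для обнаружения полезны два признака из списка: принудительное завершение (taskkill /F /IM) процессов taskmgr.exe, regedit.exe и explorer.exe, а также запуск .vbs-, .bat- и .cmd-файлов из %TEMP%\updateW через wscript.exe и cmd.exe.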
- '<SYSTEM32>\taskkill.exe' /F /IM taskmgr.exe
- '<SYSTEM32>\taskkill.exe' /F /IM regedit.exe
- '<SYSTEM32>\taskkill.exe' /F /IM explorer.exe
- %WINDIR%\Explorer.EXE
- %TEMP%\updateW\3.vbs
- %TEMP%\updateW\a.bat
- %TEMP%\updateW\windows.cmd
- %TEMP%\updateW\x64.bat
- %TEMP%\updateW\1.vbs
- %TEMP%\updateW\2.vbs
- ClassName: 'EDIT' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Proxy Desktop' WindowName: ''
- ClassName: 'BaseBar' WindowName: 'ChanApp'
- ClassName: 'OleMainThreadWndClass' WindowName: ''
- ClassName: 'SystemTray_Main' WindowName: ''
- ClassName: 'CSCHiddenWindow' WindowName: ''
- '<SYSTEM32>\wscript.exe' "%TEMP%\updateW\1.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\updateW\3.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\updateW\2.vbs"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\updateW\a.bat" "
- '%WINDIR%\explorer.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\updateW\x64.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\updateW\windows.cmd" "
- '<SYSTEM32>\rundll32.exe' fldrclnr.dll,Wizard_RunDLL