Техническая информация
- %HOMEPATH%\start menu\programs\startup\setup.js (папка автозагрузки пользователя: сценарий выполняется при каждом входе в систему)
- %TEMP%\setup.exe
- %TEMP%\dllm.js
- %TEMP%\setup.js
- <SYSTEM32>\macromed\temp\{88114daa-8649-42ce-bccc-9bce7d0581e8}\fpb.tmp
- <SYSTEM32>\macromed\temp\{c8e19684-af63-4e29-92c4-ad53402c3366}\fpb.tmp
- <SYSTEM32>\macromed\temp\{88114daa-8649-42ce-bccc-9bce7d0581e8}\fpb.tmp
- DNS ASK fp######ad.macromedia.com
- DNS ASK m9#.net
- ClassName: 'EDIT' WindowName: ''
- '<SYSTEM32>\wscript.exe' "%TEMP%\setup.js"
- '<SYSTEM32>\wscript.exe' "%TEMP%\dllm.js"
- '%TEMP%\setup.exe'
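- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 1 /tn anydesk /tr "%TEMP%\setup.js' (со скрытым окном) — создаёт задачу планировщика с именем «anydesk», запускающую %TEMP%\setup.js каждую минуту; имя задачи, по-видимому, выбрано для маскировки под легитимное ПО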
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 1 /tn anydesk /tr "%TEMP%\setup.js