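Техническая информация
Примечание: подзаголовки разделов в этом фрагменте отсутствуют. Судя по содержимому, ниже перечислены пути к файлам, параметры поиска окна (ClassName/WindowName) и командные строки запускаемых процессов.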
- %TEMP%\rarsfx0\installer.exe
- %TEMP%\rarsfx0\run.exe
- %TEMP%\7zs4bee2fc3\run.bat
- %TEMP%\7zs4bee2fc3\runner.txt
- %TEMP%\7zs4bee2fc3\final.exe
- %TEMP%\7zs4bee2fc3\installer.exe
- %TEMP%\7zs4bee2fc3\service.exe
- %TEMP%\rarsfx1\service.exe
- %APPDATA%\windowsregistry.exe
- %TEMP%\tmp1.tmp.vbs
- %TEMP%\tmp1.tmp.vbs
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\rarsfx0\run.exe'
- '%TEMP%\7zs4bee2fc3\installer.exe' -pQwerty34#$@QQJjS -d%HOMEPATH%\Local Settings\Temp
- '%TEMP%\rarsfx1\service.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\tmp1.tmp.vbs"
- '%APPDATA%\windowsregistry.exe'
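- '<SYSTEM32>\schtasks.exe' /create /sc onlogon /rl highest /tn WindowsRegistry.exe /tr "%APPDATA%\WindowsRegistry.exe' (со скрытым окном)
  (Примечание: команда создаёт задачу планировщика WindowsRegistry.exe, которая запускает %APPDATA%\WindowsRegistry.exe при входе пользователя в систему с наивысшими привилегиями, то есть служит для закрепления в системе. Несогласованные кавычки в параметре /tr сохранены как в исходной записи.)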
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\7zS4BEE2FC3\run.bat" "
- '<SYSTEM32>\wbem\wmiapsrv.exe'
- '<SYSTEM32>\schtasks.exe' /create /sc onlogon /rl highest /tn WindowsRegistry.exe /tr "%APPDATA%\WindowsRegistry.exe