Техническая информация
- %TEMP%\rarsfx0\ini.bat
- %TEMP%\rarsfx0\nircmd.exe
- %TEMP%\rarsfx0\script.vbs
- %WINDIR%\syswow64\control.bat
- %WINDIR%\syswow64\script.vbs
- %WINDIR%\syswow64\nircmd.exe
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\RarSFX0\script.vbs"
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\RarSFX0\ini.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\RarSFX0\ini.bat" "
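- '%WINDIR%\syswow64\net.exe' user user jkaskrue13565 (команда net user: задаёт пароль для локальной учётной записи «user»)
- '%WINDIR%\syswow64\net1.exe' user user jkaskrue13565 (та же команда: net.exe передаёт выполнение в net1.exe)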
- '%WINDIR%\syswow64\reg.exe' ADD "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /d www.cu###osexo.es /f (заменяет стартовую страницу Internet Explorer для текущего пользователя)