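Техническая информация
(Подзаголовки разделов в этом фрагменте, по-видимому, не сохранились: ниже единым списком перечислены имена процессов, пути к файлам, сетевой адрес и командные строки.)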
- '%WINDIR%\syswow64\taskkill.exe' /f /im NS-*
- emib.startup.exe
- %TEMP%\ns-i4c5r.tmp\ns-toc23.tmp
- %TEMP%\ns-t3ggk.tmp\_shfoldr.dll
- %TEMP%\ns-t3ggk.tmp\_iscrypt.dll
- %TEMP%\ns-t3ggk.tmp\tmp\ns-2a7ch.tmp
- %TEMP%\ns-t3ggk.tmp\tmp\ns-6o16b.tmp
- %TEMP%\ns-t3ggk.tmp\tmp\ns-agfel.tmp
- %TEMP%\c8w9hnol.tmp\728f3i7b0.bat
- %TEMP%\c8w9hnol.tmp\emib.startup.exe
- %TEMP%\c8w9hnol.tmp\tor1.rar
- %TEMP%\32472548
- %TEMP%\nsp320.tmp\system.dll
- nul
- %TEMP%\ns-i4c5r.tmp\ns-toc23.tmp
- %TEMP%\ns-t3ggk.tmp\tmp\ns-2a7ch.tmp в %TEMP%\ns-t3ggk.tmp\tmp\728f3i7b0.bat
- %TEMP%\ns-t3ggk.tmp\tmp\ns-6o16b.tmp в %TEMP%\ns-t3ggk.tmp\tmp\emib.startup.exe
- %TEMP%\ns-t3ggk.tmp\tmp\ns-agfel.tmp в %TEMP%\ns-t3ggk.tmp\tmp\tor1.rar
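- '51.##8.119.132':80 (часть адреса заменена символами «##» уже в источнике, поэтому запись нельзя использовать как точный индикатор без восстановления полного адреса)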
- ClassName: '' WindowName: ''
- '%TEMP%\ns-i4c5r.tmp\ns-toc23.tmp' /SL4 $90226 <Полный путь к файлу> 11024610 126464 /password=b8t1u9o /verysilent
- '%TEMP%\c8w9hnol.tmp\emib.startup.exe'
- '%WINDIR%\syswow64\cmd.exe' /C ""%TEMP%\NS-T3GGK.tmp\tmp\728f3i7b0.bat""' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /C ""%TEMP%\NS-T3GGK.tmp\tmp\728f3i7b0.bat""
- '%WINDIR%\syswow64\xcopy.exe' /Y /I /S "%TEMP%\NS-T3GGK.tmp\tmp\*" "%TEMP%\c8w9hnol.tmp\"
- '%WINDIR%\syswow64\tasklist.exe' /FI "IMAGENAME eq emib.startup.exe" /NH
- '%WINDIR%\syswow64\findstr.exe' /i "emib.startup.exe"