Техническая информация
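- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram program = STcONaURjstoJeQ(uMqeEfSfaGeNmho("yJmAEIBBXdvRXSFRGegUiJnA")) name = STcONaURjstoJeQ(uMqeEfSfaGeNmho("XQ0V1bwVGZ0FQZ==")) mode = ENABLE (команда добавляет программу в список разрешённых брандмауэра Windows; значения program и name записаны как нераскрытые обфусцированные выражения — по-видимому, они попали в командную строку без подстановки, поэтому при поиске следов надёжнее опираться на сам вызов netsh firewall add allowedprogram, а не на эти строки)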
- %TEMP%\autea18.tmp
- %TEMP%\amjyhur
- <LS_APPDATA>\microsoft\windows\<INETFILES>\low\content.ie5\index.dat
- %APPDATA%\microsoft\windows\cookies\low\index.dat
- <LS_APPDATA>\microsoft\windows\history\low\history.ie5\index.dat
- %TEMP%\autea18.tmp
- %TEMP%\amjyhur
- '%WINDIR%\syswow64\cmd.exe' /c netsh firewall add allowedprogram program = STcONaURjstoJeQ(uMqeEfSfaGeNmho("yJmAEIBBXdvRXSFRGegUiJnA")) name = STcONaURjstoJeQ(uMqeEfSfaGeNmho("XQ0V1bwVGZ0FQZ==")) mode = ENABLE (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c netsh firewall add allowedprogram program = STcONaURjstoJeQ(uMqeEfSfaGeNmho("yJmAEIBBXdvRXSFRGegUiJnA")) name = STcONaURjstoJeQ(uMqeEfSfaGeNmho("XQ0V1bwVGZ0FQZ==")) mode = ENABLE
- '%WINDIR%\syswow64\rundll32.exe' "%WINDIR%\syswow64\WININET.dll",DispatchAPICall 1