Техническая информация
- '<SYSTEM32>\taskkill.exe' /IM "StartIsBackCfg.exe" /F
- '<SYSTEM32>\taskkill.exe' /IM "UpdateCheck.exe" /F
- <SYSTEM32>\cmd.exe
- %TEMP%\cc4b.tmp\cc5b.bat
- %TEMP%\cc4b.tmp\setup.exe
- nul
- %TEMP%\nsje5fe.tmp
- %TEMP%\nsye60e.tmp\nsexec.dll
- %TEMP%\nsye60e.tmp\nsexec.dll
- %TEMP%\cc4b.tmp\setup.exe
- %TEMP%\cc4b.tmp\cc5b.bat
- ClassName: '' WindowName: ''
- '%TEMP%\cc4b.tmp\setup.exe' /S
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall delete rule name="all" remoteip=95.141.193.133 (со скрытым окном)
- '%WINDIR%\syswow64\route.exe' delete 95.141.193.133 (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\CC4B.tmp\CC5B.bat <Полный путь к файлу>"
- '<SYSTEM32>\mode.com' con:cols=80 lines=15
- '<SYSTEM32>\ping.exe' -n 5 0.0.0.0
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall delete rule name="all" remoteip=95.141.193.133
- '%WINDIR%\syswow64\route.exe' delete 95.141.193.133