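Техническая информация
Примечание: заголовки разделов в этом фрагменте отсутствуют, поэтому пути к файлам, командные строки и сетевой адрес идут ниже подряд; повторяющиеся записи, по-видимому, относились к разным разделам отчёта. RegAsm.exe по указанному пути — штатная утилита .NET Framework, а 1.1.1.1 — общедоступный DNS-резолвер, который в показанной команде ping, судя по всему, служит только паузой; сами по себе эти два значения не являются индикаторами компрометации. Более специфичны для обнаружения ярлык sihclient.url в папке автозагрузки, каталог %HOMEPATH%\sihclient и каталог с GUID-именем в %APPDATA%. Запись с cmd.exe обрезана («...») в самом источнике.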
- %APPDATA%\microsoft\windows\start menu\programs\startup\sihclient.url
- '%WINDIR%\syswow64\taskkill.exe' /f /im "RegAsm.exe"
- %WINDIR%\microsoft.net\framework\v2.0.50727\regasm.exe
- %WINDIR%\microsoft.net\framework\v2.0.50727\regasm.exe
- %HOMEPATH%\sihclient\sihclient.vbs
- %HOMEPATH%\sihclient\wiawow64.exe
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\run.dat
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\catalog.dat
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\storage.dat
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\settings.bin
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\catalog.dat
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\run.dat
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\settings.bin
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\storage.dat
- '5.#.145.244':50572
- ClassName: '' WindowName: ''
- '%WINDIR%\microsoft.net\framework\v2.0.50727\regasm.exe'
- '%WINDIR%\syswow64\schtasks.exe' /delete /f /tn "UDP Subsystem"
- '%WINDIR%\syswow64\schtasks.exe' /delete /f /tn "UDP Subsystem Task"
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /f /im "RegAsm.exe" & ping -n 1 -w 3000 1.1.1.1 & type nul > "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" & del /f /q "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm...
- '%WINDIR%\syswow64\ping.exe' -n 1 -w 3000 1.1.1.1