Техническая информация
- <SYSTEM32>\tasks\office
- %TEMP%\q.bat
- %TEMP%\inv.sfx.exe
- %TEMP%\inv.exe
- http://ip##pi.com/json/
- DNS ASK ip##pi.com
- ClassName: 'EDIT' WindowName: ''
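- '%TEMP%\inv.sfx.exe' -p877 -d%LOCALAPPDATA%\Temp
  (по-видимому, самораспаковывающийся архив: судя по ключам, -p задаёт пароль, а -d — каталог распаковки; вероятно, именно так в %TEMP% появляется inv.exe)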
- '%TEMP%\inv.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\Q.bat" "
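- '%WINDIR%\syswow64\schtasks.exe' /create /tn "OFFICE" /sc ONLOGON /tr "%TEMP%\INV.exe" /rl HIGHEST /f
  (закрепление в системе: задача планировщика «OFFICE» запускает %TEMP%\INV.exe при каждом входе пользователя с наивысшими правами, а ключ /f перезаписывает одноимённую задачу, если она уже есть; этой задаче соответствует файл <SYSTEM32>\tasks\office из списка выше. При проверке системы стоит искать задачи планировщика, у которых запускаемый файл расположен в %TEMP%.)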