Техническая информация
- скрытых файлов
- %TEMP%\tempdir0039\shipinv config.exe
- %TEMP%\is-i9gkd.tmp\shipinv config.tmp
- %TEMP%\is-qp96j.tmp\_isetup\_regdll.tmp
- %TEMP%\is-qp96j.tmp\_isetup\_setup64.tmp
- %TEMP%\is-qp96j.tmp\_isetup\_shfoldr.dll
- %WINDIR%\syswow64\adobe344\is-g1ot6.tmp
- %WINDIR%\syswow64\adobe344\is-etv7a.tmp
- %WINDIR%\syswow64\adobe344\is-l4toa.tmp
- %WINDIR%\syswow64\is-gfp4f.tmp
- %WINDIR%\syswow64\1028\is-kdnli.tmp
- %WINDIR%\syswow64\adobe344\is-g1ot6.tmp в %WINDIR%\syswow64\adobe344\check.vbs
- %WINDIR%\syswow64\adobe344\is-etv7a.tmp в %WINDIR%\syswow64\adobe344\password.vbs
- %WINDIR%\syswow64\adobe344\is-l4toa.tmp в %WINDIR%\syswow64\adobe344\del.bat
- %WINDIR%\syswow64\is-gfp4f.tmp в %WINDIR%\syswow64\hongkongpack9.pdf
- %WINDIR%\syswow64\1028\is-kdnli.tmp в %WINDIR%\syswow64\1028\javasd9.exe
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\tempdir0039\shipinv config.exe' /verysilent
- '%TEMP%\is-i9gkd.tmp\shipinv config.tmp' /SL5="$C0220,1615325,83456,%TEMP%\tempdir0039\ShipInv Config.exe" /verysilent
- '%WINDIR%\syswow64\wscript.exe' "<SYSTEM32>\Adobe344\password.vbs"