Техническая информация
- %TEMP%\files.tmp
- %TEMP%\idm.bat
- %TEMP%\idm0.bat
- %TEMP%\7za.exe
- nul
- %TEMP%\files.tmp.tmp
- %TEMP%\ab2ef.exe
- %TEMP%\files.tmp
- %TEMP%\idm.bat
- %TEMP%\idm0.bat
- %TEMP%\7za.exe
- %TEMP%\ab2ef.exe
- %TEMP%\files.tmp
- %TEMP%\files.tmp
- ClassName: '' WindowName: '1112562/1160'
- ClassName: '' WindowName: '1112890/2044'
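- '%TEMP%\7za.exe' d files.tmp -pidm@idm420 "VScan.exe" (удаляет VScan.exe из архива files.tmp; пароль архива передаётся ключом -p)
- '%TEMP%\7za.exe' e files.tmp -pidm@idm420 -aoa "AB2EF.exe" (извлекает AB2EF.exe из того же архива; ключ -aoa перезаписывает существующие файлы без запроса)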
- '%TEMP%\ab2ef.exe' j6NM4Cxfv3
- '%TEMP%\ab2ef.exe' kF5nJ4D92hfOpc8
- '%TEMP%\ab2ef.exe' i9dCxZ5SjH
- '%TEMP%\ab2ef.exe' g93Xcv53d5
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\IDM0.bat" "idm@idm420""' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\IDM.bat" "idm@idm420" "<Текущая директория>""' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\IDM0.bat" "idm@idm420""
- '%WINDIR%\syswow64\reg.exe' QUERY "HKLM\Hardware\Description\System\CentralProcessor\0"
- '%WINDIR%\syswow64\find.exe' /I "x86"
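- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -Command Add-MpPreference -ExclusionPath "%APPDATA%" (добавляет каталог %APPDATA% в исключения Microsoft Defender, после чего файлы в нём не проверяются; вызовы Add-MpPreference с -ExclusionPath стоит отслеживать в журналах как признак обхода защиты)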
- '%WINDIR%\syswow64\attrib.exe' +h +r files.tmp
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\IDM.bat" "idm@idm420" "<Текущая директория>""
- '%WINDIR%\syswow64\mode.com' CON: COLS=98 LINES=22