Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\tpbfzh.com.url
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule action=allow profile=any protocol=any enable=yes direction=out name=Win2y2 program="%WINDIR%\same.exe"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule action=allow profile=any protocol=any enable=yes direction=in name=Win2y2 program="%WINDIR%\same.exe"
- %APPDATA%\debate\night.exe
- %TEMP%\autea5e.tmp
- %LOCALAPPDATA%\tempwkbwj.bmp
- %WINDIR%\same.exe
- %TEMP%\autea5e.tmp
- '%WINDIR%\same.exe'
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall delete rule profile=any name=Win2y2 (со скрытым окном)
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule action=allow profile=any protocol=any enable=yes direction=out name=Win2y2 program="%WINDIR%\same.exe" (со скрытым окном)
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule action=allow profile=any protocol=any enable=yes direction=in name=Win2y2 program="%WINDIR%\same.exe" (со скрытым окном)
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall delete rule profile=any name=Win2y2