Техническая информация
- '%TEMP%\RarSFX0\SparkCS.exe' -script %TEMP%\Script.txt
- '<SYSTEM32>\ping.exe' localhost -n 5
- '<SYSTEM32>\mode.com' con cols=60 lines=50
- '<SYSTEM32>\wscript.exe' "%TEMP%\end.vbs"
- '<SYSTEM32>\mode.com' con cols=40 lines=8
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX0\Backup.bat" "
- '<SYSTEM32>\reg.exe' Query HKLM\Hardware\Description\System\CentralProcessor\0
- '<SYSTEM32>\find.exe' /i "x86"
- %TEMP%\Script.txt
- <LS_APPDATA>\ApplicationHistory\SparkCS.exe.9b87cddf.ini
- %TEMP%\end.vbs
- %TEMP%\RarSFX0\$.txt
- %TEMP%\RarSFX0\Backup.bat
- %TEMP%\RarSFX0\SparkCS.exe
- %TEMP%\RarSFX0\Ver_OS.txt
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch.2884.118140
- %TEMP%\Script.txt
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch.2884.118109
- %TEMP%\RarSFX0\Ver_OS.txt
- %TEMP%\RarSFX0\$.txt
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch в %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch.2884.118140
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch в %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch.2884.118109
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'