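Техническая информация
Запускает на исполнение (расшифровка компонентов утилитой crypt.exe, распаковка архива bidule.7z, копирование start.bat в папку автозагрузки пользователя):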
- '%TEMP%\1.tmp\crypt.exe' -decrypt -key pC.42_Thd -infile crash -outfile crash.bat
- '%TEMP%\1.tmp\crypt.exe' -decrypt -key pC.42_Thd -infile nircmd -outfile nircmd.exe
- '%TEMP%\1.tmp\crypt.exe' -decrypt -key pC.42_Thd -infile nircmdc -outfile nircmdc.exe
- '%TEMP%\1.tmp\crypt.exe' -decrypt -key pC.42_Thd -infile killav -outfile killav.bat
- '%TEMP%\1.tmp\7za.exe' e bidule.7z
- '%TEMP%\1.tmp\crypt.exe' -decrypt -key pC.42_Thd -infile start -outfile start.bat
- '%TEMP%\1.tmp\crypt.exe' -decrypt -key pC.42_Thd -infile killinput -outfile killinput.bat
- '<SYSTEM32>\xcopy.exe' /Q /Y start.bat "%APPDATA%\Microsoft\Windows"
- '<SYSTEM32>\xcopy.exe' /Q /Y start.bat "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup"
- '<SYSTEM32>\taskkill.exe' /F /IM cmd.exe /FI "PID ne "
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\index.bat" "
- '<SYSTEM32>\tasklist.exe' /FI "WINDOWTITLE eq DontKillMe_1151630276300034036" /NH
Изменения в файловой системе (пути к файлам):
- %TEMP%\1.tmp\nircmd
- %TEMP%\1.tmp\killproc
- %TEMP%\1.tmp\killinput
- %APPDATA%\Microsoft\Windows\start.bat
- %TEMP%\1.tmp\start
- %TEMP%\1.tmp\nircmdc
- %TEMP%\1.tmp\7za.exe
- %TEMP%\1.tmp\bidule.7z
- %TEMP%\1.tmp\index.bat
- %TEMP%\1.tmp\killav
- %TEMP%\1.tmp\crypt
- %TEMP%\1.tmp\crash
- %TEMP%\1.tmp\index.bat
- %TEMP%\1.tmp\7za.exe
- %TEMP%\1.tmp\bidule.7z
- Перемещает файл: из %TEMP%\1.tmp\crypt в %TEMP%\1.tmp\crypt.exe
- ClassName: '(null)' WindowName: '(null)'