Техническая информация
- '%TEMP%\bcfcabffgbeg.exe' 3-6-5-6-2-9-7-4-3-6-7 […]
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\wbem\wmic.exe' /output:%TEMP%\81422167886.txt bios get version
- '<SYSTEM32>\wbem\wmic.exe' /output:%TEMP%\81422167886.txt bios get serialnumber
- <SYSTEM32>\wbem\AutoRecover\C8463ECBE33BC240263A0B094E46D510.mof
- %TEMP%\tmp4.tmp
- %TEMP%\tmp5.tmp
- %TEMP%\81422167886.txt
- <SYSTEM32>\wbem\AutoRecover\23BDE61F1F4FACE17E9B0C01F2A1FD9B.mof
- %TEMP%\tmp3.tmp
- %TEMP%\nso2.tmp\xor.dll
- %TEMP%\insHv41.bcfcabffgbeg
- %TEMP%\bcfcabffgbeg.zip
- %TEMP%\insHv41.exe
- %TEMP%\nso2.tmp\nsisunz.dll
- %TEMP%\81422167886.txt
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- <SYSTEM32>\PerfStringBackup.TMP
- %TEMP%\tmp3.tmp
- %TEMP%\tmp4.tmp
- %TEMP%\tmp5.tmp
- из %TEMP%\insHv41.exe в %TEMP%\bcfcabffgbeg.exe