Техническая информация
- '%TEMP%\bchcabecfcdg.exe' /PID=18082 /SUBPID=0 /NETWORKID=1 /DISTID=24829 /CID=0 /PRODUCT_ID=23217 /SERVER_URL=`omn7).enqoYgeco(oldmrfgh_a(bkm /CLICKID= /D1=-1 /D2=-1 /D3=-1 /D4=-1 /D5=-1 /PRODUCT_PRIVACY= /PRODUCT_EULA= /PRODUCT_NAME=9_h`b1,Fj\kc0-Jk]ycm /EXE_URL=`omn7).lf,_d^ogq(bkm-n'-(0,,14463%1045,8)abjZ`&di[rd-ngYt^p+_wa /EXE_CMDLINE= /HOST_BROWSER=2 /THANKYOU_URL=`omn7).ph_icn'do_doodokohpb,-_ok*ai]cu(odp=_e8_pb_llr7)epm_giqatm)[jf /TIME=1417943710 /VM=2 /DS1=>M>CPI/-0X_Y_0262b4b5]+/0741c34_0(0-a-_a5c /RUNTIME_WELCOMEIMAGEURL= /IS_RUNTIME=true /RETURNING_USER_DAYS=2 /HIDEX=1 /IS_DYNAMIC_ENCRYPTED=true /USER_AGENT=Gpm@oivoe#-(hZl^adn%0+ abpb`nt)
- '<SYSTEM32>\wbem\wmic.exe' /output:%TEMP%\81418839628.txt bios get version
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\wbem\wmic.exe' /output:%TEMP%\81418839628.txt bios get serialnumber
- <SYSTEM32>\wbem\AutoRecover\C8463ECBE33BC240263A0B094E46D510.mof
- %TEMP%\tmp4.tmp
- %TEMP%\tmp5.tmp
- %TEMP%\81418839628.txt
- <SYSTEM32>\wbem\AutoRecover\23BDE61F1F4FACE17E9B0C01F2A1FD9B.mof
- %TEMP%\tmp3.tmp
- %TEMP%\nsb2.tmp\jja.dll
- %TEMP%\insHv11.bchcabecfcdg
- %TEMP%\bchcabecfcdg.zip
- %TEMP%\insHv11.exe
- %TEMP%\nsb2.tmp\nsisunz.dll
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- %TEMP%\tmp5.tmp
- <SYSTEM32>\PerfStringBackup.TMP
- %TEMP%\81418839628.txt
- %TEMP%\bchcabecfcdg.zip
- %TEMP%\insHv11.bchcabecfcdg
- %TEMP%\tmp4.tmp
- %TEMP%\tmp3.tmp
- из %TEMP%\insHv11.exe в %TEMP%\bchcabecfcdg.exe