Техническая информация
- '%TEMP%\vmprotect.exe'
- '%TEMP%\is-MPMBL.tmp\vmprotect.tmp' /SL5="$100E4,13781975,140800,%TEMP%\vmprotect.exe"
- '%TEMP%\1.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\1.exe
- '<SYSTEM32>\cmd.exe' /c %TEMP%\vmprotect.exe
- <SYSTEM32>\cmd.exe
- %TEMP%\vmprotect.exe
- %TEMP%\is-MPMBL.tmp\vmprotect.tmp
- %TEMP%\is-PU6TS.tmp\_isetup\_shfoldr.dll
- %TEMP%\aut1.tmp
- %TEMP%\1.exe
- %TEMP%\aut2.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- ClassName: 'Shell_TrayWnd' WindowName: ''