Technical Information
- %TEMP%\is-0nqe1.tmp\<File name>.tmp
- %TEMP%\is-7fqvp.tmp\_isetup\_setup64.tmp
- %ALLUSERSPROFILE%\is-rjjek.tmp
- %ALLUSERSPROFILE%\is-hvs03.tmp
- %ALLUSERSPROFILE%\is-4blrm.tmp
- %APPDATA%\microsoft\windows\start menu\programs\ccleaner\ccleaner.lnk
- %WINDIR% \system32\uxtheme.dll
- %ALLUSERSPROFILE%\uxtheme.dll
- %ALLUSERSPROFILE%\pass.exe
- %TEMP%\is-7fqvp.tmp\_isetup\_setup64.tmp
- %TEMP%\is-0nqe1.tmp\<File name>.tmp
- from %ALLUSERSPROFILE%\is-rjjek.tmp to %ALLUSERSPROFILE%\uacwev.bat
- from %ALLUSERSPROFILE%\is-hvs03.tmp to %ALLUSERSPROFILE%\uxtheme.dll
- from %ALLUSERSPROFILE%\is-4blrm.tmp to %ALLUSERSPROFILE%\pass.exe
- '%TEMP%\is-0nqe1.tmp\<File name>.tmp' /SL5="$120224,9285716,79360,<Full path to file>"
- '<SYSTEM32>\cmd.exe' /C ""%ALLUSERSPROFILE%\uacwev.bat""' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C ""%ALLUSERSPROFILE%\uacwev.bat""
- '<SYSTEM32>\timeout.exe' /T 8