Техническая информация
- '<SYSTEM32>\find.exe' "cmd" /c
- '<SYSTEM32>\Wbem\WMIC.exe' process where name="cmd.exe"
- '<SYSTEM32>\taskkill.exe' /f /im cmd.exe
- '<SYSTEM32>\PING.EXE' 127.0.0.1 -n 5 -w 1000
- '<SYSTEM32>\attrib.exe' <LS_APPDATA>\Temp +s +h
- '<SYSTEM32>\attrib.exe' A7383744.bat +s +h
- '<SYSTEM32>\attrib.exe' %TEMP%\check.txt -s -h
- '<SYSTEM32>\attrib.exe' %TEMP%\63846584.vbs -s -h
- <SYSTEM32>\cmd.exe
- %TEMP%\check.txt
- %TEMP%\F066.tmp\A7383744.bat
- %TEMP%\F066.tmp\A7383744.bat
- %TEMP%\F066.tmp\A7383744.bat
- %TEMP%\check.txt
- ClassName: '' WindowName: ''