Техническая информация
- '%TEMP%\nircmd.exe' exec hide flash_disinfector.cmd
- '%TEMP%\nircmd.exe' infobox "If you have a flash drive, please plug it in the machine~n~nThe screen will go blank for a while. Don't get alarmed. This is normal.~n~nClick OK to begin disinfection" "Start - Flash_Disinfector"
- '%TEMP%\nircmd.exe' regdelval "hkcu\software\policies\microsoft\windows\system" "disablecmd"
- '%TEMP%\nircmd.exe' exec hide pv.exe -kf cmd.exe SCVVHSOT.exe
- '%TEMP%\pv.exe' -kf cmd.exe SCVVHSOT.exe
- '<SYSTEM32>\net1.exe' stop "DNS Connection"
- '<SYSTEM32>\net.exe' stop "Network Manager Service"
- '<SYSTEM32>\net1.exe' stop "Network Manager Service"
- '<SYSTEM32>\net.exe' stop "DNS Connection"
- '<SYSTEM32>\cmd.exe' /c flash_disinfector.cmd
- '<SYSTEM32>\find.exe' "Microsoft Windows [Version 5.2.3790]" temp00
- '<SYSTEM32>\find.exe' "Windows XP" temp00
- <SYSTEM32>\cmd.exe
- %TEMP%\pv.exe
- %TEMP%\temp00
- %TEMP%\null
- %TEMP%\vfind.exe
- %TEMP%\Flash_Disinfector.cmd
- %TEMP%\nircmd.exe
- %TEMP%\Drives.vbs
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'