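Техническая информация
Подзаголовки разделов в этом фрагменте отсутствуют; по виду записей ниже идут три группы: командные строки процессов (путь к исполняемому файлу в кавычках и аргументы), пути к файлам в %TEMP%\RarSFX0 и пары ClassName/WindowName окон.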
- '%TEMP%\RarSFX0\System.exe'
- '<SYSTEM32>\cacls.exe' "C:\System Volume Information\System" /E /G %USERNAME%:F
- '<SYSTEM32>\cacls.exe' "C:\System Volume Information" /E /G %USERNAME%:F
- '<SYSTEM32>\reg.exe' delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /f
- '<SYSTEM32>\attrib.exe' +s +h "C:\System Volume Information\System"
- '<SYSTEM32>\cacls.exe' "C:\System Volume Information\System\win\*" /E /T /G %USERNAME%:F
- '<SYSTEM32>\cacls.exe' "C:\System Volume Information\System\win" /E /G %USERNAME%:F
- '<SYSTEM32>\taskkill.exe' /F /IM adobeupdater.exe /T
- '<SYSTEM32>\taskkill.exe' /F /IM safesurf.exe /T
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX0\pre.bat" "
- '<SYSTEM32>\reg.exe' delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /f
- '<SYSTEM32>\net1.exe' stop "Microsoft .NET Runtime Optimization Service 2.0.50737"
- '<SYSTEM32>\net.exe' stop "Microsoft .NET Runtime Optimization Service 2.0.50737"
- %TEMP%\RarSFX0\System.exe
- %TEMP%\RarSFX0\pre.bat
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'