Техническая информация
- '<SYSTEM32>\reg.exe' delete "HKEY_CURRENT_USER\Software\System32\RunLevel" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CURRENT_USER\Software\Drivers" /f
- '<SYSTEM32>\reg.exe' add "HKEY_CURRENT_USER\Software\Mirillis\Action" /f /v "Config" /t REG_BINARY /d d50011f3804a227ed02f8c0071026100307bf3ab
- '<SYSTEM32>\reg.exe' delete "HKEY_CURRENT_USER\Software\Win" /f
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\2.bat" <Полный путь к файлу>"
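- '<SYSTEM32>\cacls.exe' "<SYSTEM32>\config\system" (в таком виде, без ключей /G, /P, /D, /R, команда только выводит ACL файла и не меняет права доступа)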
- '<SYSTEM32>\taskkill.exe' /f /im Action.exe
- %TEMP%\1.tmp\2.bat (тот же пакетный файл, который в списке выше запускается через cmd.exe /c)
- ClassName: '' WindowName: ''