Техническая информация
- '<SYSTEM32>\fhjxhfbgf.exe' "SQL .NetFramework v4.31.113" %APPDATA%"\Microsoft\Help SQL Service\sqlwriter.exe"
- '%APPDATA%\Rashgard\Session\Service.exe'
- '%APPDATA%\Rashgard\Session\start.exe' -p5hjt5nj35j3ej56jj64j46jk
- '<SYSTEM32>\taskkill.exe' /f /PID 2904
- '<SYSTEM32>\cmd.exe' /c taskkill /f /PID 2904& timeout 1 & del "%APPDATA%\Rashgard\Session\service.exe"
- %APPDATA%\Microsoft\Help SQL Service\sqlwriter.exe
- <SYSTEM32>\fhjxhfbgf.exe
- %APPDATA%\Rashgard\Session\Service.exe
- %APPDATA%\Rashgard\Session\start.exe
- %APPDATA%\Rashgard\Session\AudioHost.UI.exe
- %APPDATA%\Rashgard\Session\Service.exe
- %APPDATA%\Rashgard\Session\start.exe
- ClassName: '' WindowName: ''
- ClassName: 'EDIT' WindowName: ''