Техническая информация
Командные строки процессов (по-видимому, запускаемых на исполнение):
- '<SYSTEM32>\net.exe' stop workframe
- '<SYSTEM32>\net1.exe' stop workframe
- '<SYSTEM32>\reg.exe' DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\workframe\ /F
- '<SYSTEM32>\cmd.exe' /c %TEMP%\2765.bat
- '<SYSTEM32>\net.exe' stop NFramework
- '<SYSTEM32>\net1.exe' stop NFramework
Пути файлов (по-видимому, создаваемых в системе):
- %APPDATA%\InternetExplorer\System32\Recovery\cudart32_80.dll
- %APPDATA%\Microsoft\NFramework\Recovery\cudart32_80.dll
- %APPDATA%\InternetExplorer\System32\Recovery\cudart64_75.dll
- %APPDATA%\Microsoft\NFramework\Recovery\cuda_tromp_75.dll
- %APPDATA%\InternetExplorer\System32\Recovery\cudart32_75.dll
- %APPDATA%\Microsoft\NFramework\Recovery\cudart32_75.dll
- %APPDATA%\InternetExplorer\System32\Recovery\cudart64_80.dll
- %APPDATA%\Microsoft\NFramework\Recovery\cudart64_80.dll
- %TEMP%\2765.bat
- %APPDATA%\Microsoft\NFramework\Recovery\cudart64_75.dll
- %APPDATA%\InternetExplorer\System32\Recovery\host.exe
- %APPDATA%\Microsoft\NFramework\Recovery\host.exe
- %APPDATA%\InternetExplorer\System32\Recovery\svhost.exe
- %APPDATA%\Microsoft\NFramework\Recovery\svhost.exe
- %APPDATA%\InternetExplorer\System32\Recovery\cpu_tromp_SSE2.dll
- %TEMP%\LZMA.DLL
- %APPDATA%\InternetExplorer\System32\Recovery\cpu_tromp_AVX.dll
- %APPDATA%\Microsoft\NFramework\Recovery\cpu_tromp_AVX.dll
- %APPDATA%\InternetExplorer\System32\Recovery\cuda_tromp.dll
- %APPDATA%\Microsoft\NFramework\Recovery\cuda_tromp.dll
- %APPDATA%\InternetExplorer\System32\Recovery\cuda_tromp_75.dll
- %APPDATA%\Microsoft\NFramework\Recovery\cpu_tromp_SSE2.dll
- %APPDATA%\InternetExplorer\System32\Recovery\cuda_djezo.dll
- %APPDATA%\Microsoft\NFramework\Recovery\cuda_djezo.dll