Техническая информация
- '<SYSTEM32>\wscript.exe' "%WINDIR%\MicrosoftU\run.vbs"
- '<SYSTEM32>\taskkill.exe' /f /im Rar.exe
- '<SYSTEM32>\taskkill.exe' /f /im csrss.exe
- '<SYSTEM32>\net1.exe' stop MicrosoftU
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\MicrosoftU\pause.bat" "
- '<SYSTEM32>\net.exe' stop MicrosoftU
- %WINDIR%\MicrosoftU\pause.bat
- %WINDIR%\MicrosoftU\nice.Rar
- %WINDIR%\MicrosoftU\Rar.exe
- %WINDIR%\MicrosoftU\run.vbs
- ClassName: '' WindowName: ''
- ClassName: 'EDIT' WindowName: ''