Техническая информация
- %WINDIR%\Microsoft.NET\assembly\regasm.exe
- %WINDIR%\Logs\scrcons.vbs
- %WINDIR%\Logs\scrcons.cmd
- %WINDIR%\Logs\mofcomp.vbs
- %WINDIR%\Logs\mofcomp.cmd
- %WINDIR%\Logs\inst.bat
- %WINDIR%\Logs\WMIADAP.vbs
- %WINDIR%\WmiPrvSF.exe
- %WINDIR%\Logs\wls.xml
- %WINDIR%\Logs\wbemtest.vbs
- %WINDIR%\Logs\wbemtest.cmd
- %WINDIR%\Logs\set.vbs
- %WINDIR%\Microsoft.NET\assembly\inst.bat
- %WINDIR%\Microsoft.NET\assembly\asmc.xml
- %WINDIR%\Microsoft.NET\assembly\set.vbs
- %WINDIR%\Logs\wlogs.exe
- %WINDIR%\config.json
- %WINDIR%\Logs\wbemtest.cmd
- %WINDIR%\Logs\wbemtest.vbs
- %WINDIR%\Logs\WMIADAP.vbs
- %WINDIR%\Logs\mofcomp.cmd
- %WINDIR%\Logs\mofcomp.vbs
- %WINDIR%\Logs\scrcons.cmd
- %WINDIR%\Logs\scrcons.vbs
- %WINDIR%\WmiPrvSF.exe
- %WINDIR%\config.json
- ClassName: 'EDIT' WindowName: ''
- '<SYSTEM32>\wscript.exe' "%WINDIR%\Microsoft.NET\assembly\set.vbs"
- '%WINDIR%\Microsoft.NET\assembly\regasm.exe' -protect
- '<SYSTEM32>\wscript.exe' "%WINDIR%\Logs\set.vbs"
- '%WINDIR%\Logs\wlogs.exe' -psystem
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\Microsoft.NET\assembly\inst.bat" "
- '<SYSTEM32>\schtasks.exe' /Create /F /TN "\Microsoft\Windows\SoftwareProtectionPlatform\SoftwareProtectionPTask" /xml "%WINDIR%\Microsoft.NET\assembly\asmc.xml"
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\Logs\inst.bat" "
- '<SYSTEM32>\schtasks.exe' /Create /F /TN "\Microsoft\Windows\Diagnosis\WinLogService" /xml "%WINDIR%\Logs\wls.xml"
- '<SYSTEM32>\ping.exe' 127.1 -n 15