Техническая информация
- '<SYSTEM32>\taskkill.exe' /f /im OfficeModule.exe
- %TEMP%\7ZipSfx.000\downspreads.cmd
- %TEMP%\7ZipSfx.000\updates.cmd
- %TEMP%\7ZipSfx.000\OfficeModule.exe
- %TEMP%\7ZipSfx.000\EHpCf
- ClassName: '' WindowName: ''
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\7ZipSfx.000\downspreads.cmd" "
- '<SYSTEM32>\cmd.exe' /c vol c:
- '<SYSTEM32>\systeminfo.exe'
- '<SYSTEM32>\chcp.com' 866