Техническая информация
- %WINDIR%\Temp\taskmgr.exe
- %WINDIR%\Temp\twunk_u.tmp
- %WINDIR%\Temp\wscsvc.exe
- %WINDIR%\Temp\ProtocolHost.exe
- %WINDIR%\Temp\ProtocolHost.exe
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\Temp\wscsvc.exe'
- '%WINDIR%\Temp\taskmgr.exe'
- '<SYSTEM32>\cmd.exe' /c echo f | xcopy %WINDIR%\Temp\twunk_u.tmp %WINDIR%\Temp\ProtocolHost.exe /y
- '<SYSTEM32>\cmd.exe' /S /D /c" echo f "
- '<SYSTEM32>\xcopy.exe' %WINDIR%\Temp\twunk_u.tmp %WINDIR%\Temp\ProtocolHost.exe /y