Техническая информация
- '<SYSTEM32>\net.exe' stop WMIUpdateService
- C:\conhost.exe
- C:\start.cmd
- C:\svchost.exe
- C:\update.bat
- ClassName: 'EDIT' WindowName: ''
- '<SYSTEM32>\cmd.exe' /c ""c:\start.cmd" "
- '<SYSTEM32>\net1.exe' stop WMIUpdateService
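- '<SYSTEM32>\cmd.exe' /S /D /c" echo y"
- '<SYSTEM32>\cacls.exe' config.json /p everyone:c
- '<SYSTEM32>\cacls.exe' svchost.exe /p everyone:c
  Примечание: параметр `/p everyone:c` заменяет права доступа к файлу, выдавая группе Everyone право на изменение (Change); `echo y`, по-видимому, передаёт cacls ответ на запрос подтверждения. Для обнаружения полезны два признака из этого списка: файлы с именами системных процессов (svchost.exe, conhost.exe) в корне C:\, а не в <SYSTEM32>, и запуск cacls.exe с параметром `/p everyone:c`.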