Техническая информация
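Классы окон утилит мониторинга Sysinternals (FileMon, RegMon, Process Monitor); вероятно, проверяются для обнаружения средств анализа:
- ClassName: 'FileMonClass', WindowName: ''
- ClassName: 'RegMonClass', WindowName: ''
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''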
- %ALLUSERSPROFILE%\Application Data\TEMP\RAIDTest
- %TEMP%\KillMiner.bat
- %TEMP%\KillMiner.bat
- %TEMP%\KillMiner.bat
- '<SYSTEM32>\cmd.exe' /c %TEMP%\\KillMiner.bat
Запрет доступа к каталогам %WINDIR%\IME\Microsoft и %WINDIR%\IME\Crypt через cacls (/T — рекурсивно, /D — запретить доступ указанной учётной записи); «echo Y», по-видимому, подтверждает запрос cacls:
- '<SYSTEM32>\cmd.exe' /S /D /c" echo Y"
- '<SYSTEM32>\cacls.exe' %WINDIR%\IME\Microsoft /T /D users
- '<SYSTEM32>\cacls.exe' %WINDIR%\IME\Microsoft /T /D administrators
- '<SYSTEM32>\cacls.exe' %WINDIR%\IME\Microsoft /T /D SYSTEM
- '<SYSTEM32>\cacls.exe' %WINDIR%\IME\Crypt /T /D users
- '<SYSTEM32>\cacls.exe' %WINDIR%\IME\Crypt /T /D administrators
- '<SYSTEM32>\cacls.exe' %WINDIR%\IME\Crypt /T /D SYSTEM
Удаление всех заданий планировщика Windows (/TN * — все задания, /F — без запроса подтверждения):
- '<SYSTEM32>\cmd.exe' /c SCHTASKS /Delete /TN * /F
- '<SYSTEM32>\schtasks.exe' /Delete /TN * /F