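Техническая информация
Ниже перечислены команды, которые запускает образец, и пути к файлам в %TEMP%. Заголовки подразделов исходного отчёта в этом фрагменте не сохранились, поэтому по самому списку нельзя определить, какие файлы создаются, а какие удаляются (этим, вероятно, объясняется повтор строки с System.dll). Команды связаны между собой: запрос PowerShell через WMI получает идентификатор процесса службы TermService, `net stop termservice` останавливает её, а в строке с `taskkill.exe` значение после `/pid` отсутствует; по-видимому, оно опущено при формировании отчёта. В сочетании с файлом termsrv32.dll в %TEMP% это, предположительно, указывает на вмешательство в службу удалённых рабочих столов.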
- '<SYSTEM32>\taskkill.exe' /pid /f
- '<SYSTEM32>\net.exe' stop termservice
- %TEMP%\1.bat
- %TEMP%\1.vbs
- %TEMP%\RFXVMT64.dll
- %TEMP%\termsrv32.dll
- %TEMP%\ex.tmp
- %TEMP%\nsc2.tmp\System.dll
- %TEMP%\nsc2.tmp\System.dll
- '<SYSTEM32>\wscript.exe' "%TEMP%\1.vbs"
- '<SYSTEM32>\cmd.exe' /c %TEMP%\1.bat
- '<SYSTEM32>\cmd.exe' /c powershell "(get-wmiobject win32_service | where { $_.name -eq 'TermService'}).processID"
- '<SYSTEM32>\net1.exe' stop termservice