Техническая информация
- '<SYSTEM32>\taskkill.exe' /f /IM "starter.exe" /IM "AV_GUARD.exe" /IM "McAfeeEncryptedUSBAntivirus.exe" /IM "SSDESDService.exe" /IM "EncryptedUSBPresenter.exe" /IM "Start.exe"
- %TEMP%\1.tmp\ejectusbdrv.cmd
- %TEMP%\1.tmp\eject_usb_6.exe
- %TEMP%\2.tmp\mcafee_usb.cmd
- %TEMP%\2.tmp\lock.exe
- %TEMP%\2.tmp\removedrive.exe
- %TEMP%\2.tmp\safeejectoperation.vbs
- %TEMP%\2.tmp\closeallusbapps.vbs
- %TEMP%\1.tmp\eject_usb_6.exe
- %TEMP%\1.tmp\ejectusbdrv.cmd
- %TEMP%\2.tmp\lock.exe
- %TEMP%\2.tmp\removedrive.exe
- %TEMP%\2.tmp\closeallusbapps.vbs
- ClassName: '' WindowName: ''
- '%TEMP%\1.tmp\eject_usb_6.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\2.tmp\closeallusbapps.vbs"
- '%TEMP%\2.tmp\lock.exe'
- '%TEMP%\2.tmp\removedrive.exe' "USB\VID_1A4B*"
- '<SYSTEM32>\wscript.exe' "%TEMP%\2.tmp\safeejectoperation.vbs"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\EJECTUSBDRV.cmd" "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\2.tmp\McAfee_USB.CMD" "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\EJECTUSBDRV.cmd" "
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\2.tmp\McAfee_USB.CMD" "