Техническая информация
- '%WINDIR%\syswow64\taskkill.exe' /f /IM "starter.exe" /IM "AV_GUARD.exe" /IM "McAfeeEncryptedUSBAntivirus.exe" /IM "SSDESDService.exe" /IM "EncryptedUSBPresenter.exe" /IM "Start.exe"
- %TEMP%\d40.tmp\mcafee_usb.cmd
- %TEMP%\d40.tmp\lock.exe
- %TEMP%\d40.tmp\removedrive.exe
- %TEMP%\d40.tmp\safeejectoperation.vbs
- %TEMP%\d40.tmp\closeallusbapps.vbs
- %TEMP%\d40.tmp\lock.exe
- %TEMP%\d40.tmp\removedrive.exe
- %TEMP%\d40.tmp\closeallusbapps.vbs
- ClassName: '' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\D40.tmp\closeallusbapps.vbs"
- '%TEMP%\d40.tmp\lock.exe'
- '%TEMP%\d40.tmp\removedrive.exe' "USB\VID_1A4B*"
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\D40.tmp\safeejectoperation.vbs"
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\D40.tmp\McAfee_USB.CMD" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\D40.tmp\McAfee_USB.CMD" "