Техническая информация
- '<SYSTEM32>\taskkill.exe' /IM cmstp.exe /F
- <SYSTEM32>\cmstp.exe
- %WINDIR%\temp\40e5sswt.exe
- %WINDIR%\temp\54jtwvcz.inf
- ClassName: '' WindowName: ''
- '%WINDIR%\temp\40e5sswt.exe'
- '<SYSTEM32>\cmstp.exe' /au %WINDIR%\temp\54jtwvcz.inf
- '<SYSTEM32>\cmd.exe' /c start %WINDIR%\temp\40e5sswt.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Get-MpPreference -verbose