Technical information
- '<SYSTEM32>\taskkill.exe' /f /T /FI "username eq user" /FI "IMAGENAME ne explorer.exe" /FI "IMAGENAME ne cmd.exe" /FI "IMAGENAME ne sihost.exe" /FI "IMAGENAME ne dwm.exe" /FI "IMAGENAME ne conhost.exe" /FI "IMAGENAME ne...
- <SYSTEM32>\windowspowershell\v1.0\powershell.exe
- <SYSTEM32>\taskhost.exe
- iexplore.exe
- %TEMP%\52e0.tmp\52e1.ps1
- ClassName: '' WindowName: ''
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' –NoProfile -ExecutionPolicy Bypass -File %TEMP%\52E0.tmp\52E1.ps1
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' –NoProfile -ExecutionPolicy Bypass -File %TEMP%\52E0.tmp\52E1.ps1' (with hidden window)