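Техническая информация
(По-видимому, подзаголовки разделов в этой копии отчёта не сохранились: ниже подряд идут списки путей к файлам — часть путей повторяется, — класс окна и командные строки запущенных процессов.)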
- %TEMP%\1ef4.tmp\batchfile.bat
- %TEMP%\1ef4.tmp\claves.txt
- %TEMP%\1ef4.tmp\temp.reg
- %TEMP%\selfdel0.bat
- %TEMP%\1ef4.tmp\temp.reg
- %TEMP%\1ef4.tmp\batchfile.bat
- %TEMP%\1ef4.tmp\claves.txt
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\selfdel0.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\1EF4.tmp\batchfile.bat" "
- '%WINDIR%\syswow64\cmd.exe' /c IPCONFIG /ALL | FIND "Physical Address"
- '%WINDIR%\syswow64\ipconfig.exe' /ALL
- '%WINDIR%\syswow64\find.exe' "Physical Address"
- '%WINDIR%\syswow64\cmd.exe' /c TYPE CLAVES.TXT | FINDstr " 00-00-00-00-00-00-00-E0"
- '%WINDIR%\syswow64\cmd.exe' /S /D /c" TYPE CLAVES.TXT "
- '%WINDIR%\syswow64\findstr.exe' " 00-00-00-00-00-00-00-E0"
- '%WINDIR%\syswow64\regedit.exe' /s temp.reg
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\selfdel0.bat" "