Техническая информация
- %WINDIR%\Tasks\SA.DAT
- <SYSTEM32>\taskkill.exe /im *.* /f
- <SYSTEM32>\taskkill.exe /im svchost.exe /f
- <SYSTEM32>\fsutil.exe file createnew <SYSTEM32>\dllcache\explorer.scf 64
- <SYSTEM32>\taskkill.exe /im explorer. /f
- <SYSTEM32>\svchost.exe -k rpcss
- <SYSTEM32>\svchost.exe -k LocalService
- <SYSTEM32>\svchost.exe -k netsvcs
- <SYSTEM32>\fsutil.exe file createnew <SYSTEM32>\dllcache\svchost.exe 64
- <SYSTEM32>\fsutil.exe file createnew <SYSTEM32>\svchost.exe 64
- <SYSTEM32>\taskkill.exe /im qq.exe /f
- <SYSTEM32>\fsutil.exe file createnew %WINDIR%\explorer.exe 64
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\ПµНіЖЖ»µ.bat" "
- <SYSTEM32>\taskkill.exe /im explorer.exe /f
- <SYSTEM32>\taskkill.exe /im explorer /f
- <SYSTEM32>\taskkill.exe /im explorer.scf /f
- <SYSTEM32>\fsutil.exe file createnew %WINDIR%\explorer.scf 64
- <SYSTEM32>\fsutil.exe file createnew <SYSTEM32>\dllcache\explorer 64
- <SYSTEM32>\fsutil.exe file createnew <SYSTEM32>\dllcache\explorer.exe 64
- <SYSTEM32>\svchost.exe
- %WINDIR%\Explorer.EXE
- %TEMP%\1.tmp\ПµНіЖЖ»µ.bat
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\dllcache\svchost.exe
- %WINDIR%\explorer.scf
- %WINDIR%\explorer.exe
- <SYSTEM32>\dllcache\explorer.exe
- ClassName: '' WindowName: ''