Техническая информация
- <SYSTEM32>\cmd.exe /c ""%TEMP%\7ZSfx000.cmd" "
- <SYSTEM32>\reg.exe delete "HKLM\SYSTEM\Remote Manipulator System" /f
- <SYSTEM32>\attrib.exe -s -h "<SYSTEM32>\catroot3"
- <SYSTEM32>\wscript.exe "%TEMP%\stop.js"
- <SYSTEM32>\cmd.exe /c ""%TEMP%\del.cmd" "
- <SYSTEM32>\taskkill.exe /f /im rutserv.exe
- %TEMP%\7ZSfx000.cmd
- %TEMP%\stop.js
- %TEMP%\del.cmd
- %TEMP%\del.cmd
- %TEMP%\7ZSfx000.cmd
- %TEMP%\stop.js
- ClassName: '' WindowName: ''