Техническая информация
- '%WINDIR%\regedit.exe' /s cof\snes9x\SNES9X.reg exit
- '<SYSTEM32>\wbem\WMIADAP.EXE' /F /T /R
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ghost.bat" > NUL"
- '<SYSTEM32>\xcopy.exe' cof bin /e /y
- C:\ProgramData\Microsoft\RAC\Temp\sql277C.tmp
- <SYSTEM32>\LogFiles\Scm\9d774a32-03f6-4092-9d56-19bb0dc4f0e9
- %TEMP%\ghost.bat
- C:\ProgramData\Microsoft\RAC\Temp\sql279D.tmp
- %WINDIR%\inf\WmiApRpl\WmiApRpl.h
- %WINDIR%\inf\WmiApRpl\0019\WmiApRpl.ini
- <SYSTEM32>\Tasks\Microsoft\Windows Defender\MP Scheduled Scan
- <SYSTEM32>\PerfStringBackup.TMP
- %WINDIR%\inf\WmiApRpl\0009\WmiApRpl.ini
- C:\ProgramData\Microsoft\RAC\Temp\sql279D.tmp
- %TEMP%\ghost.bat
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- C:\ProgramData\Microsoft\RAC\Temp\sql277C.tmp