Техническая информация
- '%TEMP%\ac2347995f584be3bbc136688e415ec3.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\7ZSfx000.cmd" "
- '<SYSTEM32>\reg.exe' delete "HKLM\SYSTEM\Remote Manipulator System" /f
- '<SYSTEM32>\attrib.exe' -s -h "<SYSTEM32>\catroot3"
- '<SYSTEM32>\wscript.exe' "%TEMP%\stop.js"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\del.cmd" "
- '<SYSTEM32>\taskkill.exe' /f /im rutserv.exe
- %TEMP%\stop.js
- %TEMP%\7ZSfx000.cmd
- %TEMP%\ac2347995f584be3bbc136688e415ec3.exe
- %TEMP%\del.cmd
- %TEMP%\7ZSfx000.cmd
- %TEMP%\del.cmd
- %TEMP%\stop.js
- %TEMP%\ac2347995f584be3bbc136688e415ec3.exe
- ClassName: '' WindowName: ''