Техническая информация
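- '<SYSTEM32>\reg.exe' /f /im explorer.exe
  (Примечание: в этой и ряде следующих строк аргументы, судя по всему, перепутаны между reg.exe и taskkill.exe — ключи /f /im и /pid относятся к taskkill.exe, а add "HKLM\…\Run" — к reg.exe. Сопоставление образа и командной строки в этом отчёте следует считать ненадёжным.)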
- '<SYSTEM32>\taskkill.exe' /pid=3944
- '<SYSTEM32>\reg.exe' /pid=3340
- '<SYSTEM32>\taskkill.exe' add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "sys32" /t REG_SZ /d
- '<SYSTEM32>\reg.exe' /pid=1896
- '<SYSTEM32>\reg.exe' /pid=3864
- '<SYSTEM32>\taskkill.exe' /pid=5628
- '<SYSTEM32>\taskhost.exe'
- '<SYSTEM32>\taskkill.exe' /pid=5576
- '<SYSTEM32>\taskkill.exe' /pid=3896
- '<SYSTEM32>\taskkill.exe' /f /im explorer.exe
- '<SYSTEM32>\svchost.exe' -k imgsvc
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\E80D.tmp\Build.bat" "
- '<SYSTEM32>\mspaint.exe'
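- '<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "sys32" /t REG_SZ /d
  (Примечание: значение параметра /d в отчёте обрезано. Запись "sys32" в ключе Run обеспечивает автозапуск при входе пользователя в систему; предположительно она указывает на <SYSTEM32>\sys32.bat из списка ниже — требует проверки.)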
- '<SYSTEM32>\reg.exe' /pid=2928
- '<SYSTEM32>\taskkill.exe'
- '<SYSTEM32>\reg.exe' /pid=3032
- '<SYSTEM32>\reg.exe'
- <SYSTEM32>\sys32.bat
- %TEMP%\E80D.tmp\Build.bat
- ClassName: 'OleMainThreadWndClass' WindowName: '(null)'
- ClassName: '(null)' WindowName: '(null)'