Техническая информация
- '%TEMP%\del.exe'
- '<SYSTEM32>\reg.exe' delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\config.exe" /f
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 3
- '<SYSTEM32>\wscript.exe' "%TEMP%\del.vbs"
- %TEMP%\del.exe
- %TEMP%\del.vbs
- %TEMP%\del.bat
- %TEMP%\kill.bat
- %TEMP%\del.vbs
- %TEMP%\kill.bat
- %TEMP%\del.exe
- %WINDIR%\Temp\Perflib_Perfdata_7e8.dat
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'