Техническая информация
- '<SYSTEM32>\reg.exe' delete "HKLM\SYSTEM\Remote Manipulator System" /f
- '<SYSTEM32>\ping.exe' localhost
- '<SYSTEM32>\taskkill.exe' /f /im de.exe
- '<SYSTEM32>\attrib.exe' -s -h "%WINDIR%\en-US\DRVSTORE\Dism\ru-RU\security\ApplicationId\PolicyManagement\PolicyManagement\System\32\Web\Histoty\*.*"
- '<SYSTEM32>\taskkill.exe' /f /im rfusclient.exe
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\de.bat" "
- '<SYSTEM32>\wscript.exe' "%TEMP%\stop.js"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\7ZSfx000.cmd" "
- '<SYSTEM32>\taskkill.exe' /f /im rutserv.exe
- %TEMP%\7ZSfx000.cmd
- %TEMP%\de.bat
- %TEMP%\stop.js
- %WINDIR%\control.ini
- %TEMP%\7ZSfx000.cmd
- %TEMP%\stop.js
- ClassName: '(null)' WindowName: '(null)'