Техническая информация
- '%TEMP%\tmp1.exe'
- '<SYSTEM32>\net.exe' stop WinDefend
- '<SYSTEM32>\net1.exe' stop WinDefend
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX0\WD.bat" "
- '<SYSTEM32>\sc.exe' config wuauserv start= disabled
- %TEMP%\RarSFX0\MasterPB.exe
- %TEMP%\RarSFX0\D3DX9_43.dll
- %TEMP%\RarSFX0\PBMaster.dll
- %TEMP%\tmp1.exe
- %TEMP%\RarSFX0\WD.bat
- %TEMP%\RarSFX0\explorer.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''