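Техническая информация
(Подзаголовки разделов в этом фрагменте не сохранились: ниже перечислены пути к файлам и командные строки процессов, относящиеся к образцу. <SYSTEM32>, %WINDIR% и %TEMP% — условные обозначения системных каталогов. Строки запуска netsh.exe и tskill.exe пригодны для поиска в журналах создания процессов, но по отдельности встречаются и при обычном администрировании, поэтому оценивать их следует в совокупности.)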
- %WINDIR%\Tasks\Result.txt
- '<SYSTEM32>\cmd.exe' /C "netsh winhttp reset proxy" > %WINDIR%\Tasks\Result.txt
- '<SYSTEM32>\netsh.exe' winhttp reset proxy
- '<SYSTEM32>\cmd.exe' /C "cd <SYSTEM32>" > %WINDIR%\Tasks\Result.txt
- '<SYSTEM32>\cmd.exe' /C "cd %WINDIR%\SysWow64" > %WINDIR%\Tasks\Result.txt
- '<SYSTEM32>\cmd.exe' /C "cd.." > %WINDIR%\Tasks\Result.txt
- '<SYSTEM32>\tskill.exe' cmd
- '<SYSTEM32>\tskill.exe' taskmgr
- <SYSTEM32>\cmd.exe
- <Полный путь к вирусу>
- <SYSTEM32>\tskill.exe
- %TEMP%\~DF388F.tmp