Техническая информация
- <SYSTEM32>\cmd.exe /c %TEMP%\\unin.bat
- %WINDIR%\regedit.exe -s %TEMP%\133875\schedule.reg
- %WINDIR%\explorer.exe /select, %TEMP%\133875\schedule.vbs
- <SYSTEM32>\wscript.exe "%TEMP%\133875\schedule.vbs"
- %WINDIR%\meed\ctfmon.exe
- %TEMP%\unin.bat
- %TEMP%\133875\schedule.reg
- %TEMP%\133875\schedule.vbs
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: '133875'
- ClassName: '' WindowName: ''