Техническая информация
- '%APPDATA%\Microsoft\Security Center\csrss.exe'
- '<SYSTEM32>\eventvwr.exe'
- '<SYSTEM32>\mmc.exe' /s <SYSTEM32>\eventvwr.msc
- '<SYSTEM32>\cmd.exe' /c ""%APPDATA%\d1l.bat" "
- '<SYSTEM32>\cmd.exe' /C SCHTASKS /Create /SC ONSTART /TN Client Server Runtime Process /TR %APPDATA%\Microsoft\Security Center\csrss.exe
- '<SYSTEM32>\schtasks.exe' /Create /SC ONSTART /TN Client Server Runtime Process /TR %APPDATA%\Microsoft\Security Center\csrss.exe
- <SYSTEM32>\eventvwr.exe
- %APPDATA%\d1l.bat
- %APPDATA%\Microsoft\Security Center\csrss.exe
- %APPDATA%\System Schema\svchosts.exe
- %APPDATA%\Microsoft\Security Center\csrss.exe
- %APPDATA%\System Schema\svchosts.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''