Техническая информация
- '<SYSTEM32>\taskkill.exe' f/ /im svchost.exe
- '<SYSTEM32>\taskkill.exe' f/ /im taskmgr.exe
- '<SYSTEM32>\taskkill.exe' /f /im explorer.exe
- %WINDIR%\Explorer.EXE
- C:\XMAS\notice_xmas.txt
- %TEMP%\1.tmp\XMAS.A.bat
- %TEMP%\1.tmp\XMAS.A.bat
- ClassName: '' WindowName: ''
- '<SYSTEM32>\notepad.exe' C:\XMAS\notice_xmas.txt
- '<SYSTEM32>\cacls.exe' "<SYSTEM32>\config\system"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\XMAS.A.bat" "