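Техническая информация
Подзаголовки разделов исходного отчёта в этом фрагменте, по-видимому, не сохранились. Ниже перечислены наблюдаемые артефакты: командные строки процессов (taskkill.exe, attrib.exe, taskmgr.exe, cmd.exe), пути к файлам в %APPDATA% и %TEMP% и параметры поиска окон (ClassName/WindowName). Какая операция выполнялась над каждым файлом (создание, удаление или запуск), по этому фрагменту установить нельзя.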
- '<SYSTEM32>\taskkill.exe' /f /im Taskmgr.exe
- '<SYSTEM32>\taskkill.exe' /f /im attrib.exe
- '<SYSTEM32>\taskkill.exe' /f /im "SystemIdle.exe"
- <SYSTEM32>\taskmgr.exe
- %APPDATA%\1337\loaderNEW.exe
- %APPDATA%\1337\del m sorrika.bat
- %TEMP%\nsd2.tmp
- %TEMP%\nso3.tmp\System.dll
- %TEMP%\nso3.tmp\System.dll
- ClassName: '' WindowName: ''
- ClassName: '' WindowName: 'Windows Task Manager'
- '<SYSTEM32>\attrib.exe' -s -h "C:\ProgramData\SystemIdle.exe"
- '<SYSTEM32>\taskmgr.exe'
- '<SYSTEM32>\cmd.exe' /c ""%APPDATA%\1337\del m sorrika.bat" "