Техническая информация
- %WINDIR%\tasks\toru.job
- <SYSTEM32>\tasks\toru
- %PROGRAMDATA%\iiijj\toru.exe
- '%PROGRAMDATA%\iiijj\toru.exe' start2
- '%PROGRAMDATA%\iiijj\toru.exe' start2' (со скрытым окном)
- '<SYSTEM32>\taskeng.exe' {662EF85A-4395-4CC6-8C9F-7BF296694850} S-1-5-21-1960123792-2022915161-3775307078-1001:vqfimei\user:Interactive:[1]