Техническая информация
- Блокирует запуск Диспетчера задач (Taskmgr): ниже в списке команд параметру политики DisableTaskMgr присваивается значение 1
- '%TEMP%\ztmp\tmp84301.exe' qKv4mr87kd 2) Delete system 11 1
- '%TEMP%\ztmp\tmp84301.exe' h5CoUrw9k1 14 32
- '%TEMP%\ztmp\tmp84301.exe' qKv4mr87kd 1) Unlock 11 1
- '%TEMP%\ztmp\tmp84301.exe' h5CoUrw9k1 12 32
- '%TEMP%\ztmp\tmp84301.exe' f3GcN7SrE4 10 1
- '%TEMP%\ztmp\tmp84301.exe' h4d8fn87p4sx7 32,10,48,10 32,12,45,12 32,14,38,14 29,17,29,17
- '%TEMP%\ztmp\tmp84301.exe' qKv4mr87kd 3) Delete user 11 1
- '%TEMP%\ztmp\tmp84301.exe' f87Vy9HaCx [X] Draw Background color 17 15 1
- '%TEMP%\ztmp\tmp84301.exe' v7G35nC8Yd 1
- '%TEMP%\ztmp\tmp84301.exe' s7AxN54b5d 20 44 2
- '%TEMP%\ztmp\tmp84301.exe' kF5nJ4D92hfOpc8
- '%TEMP%\ztmp\tmp84301.exe' f3GcN7SrE4 7 1
- '%TEMP%\ztmp\tmp84301.exe' f3GcN7SrE4 9 0
- '%TEMP%\ztmp\tmp84301.exe' h5CoUrw9k1 10 32
- '%TEMP%\ztmp\tmp84301.exe' s7AxN54b5d 16 38 1
- '%TEMP%\ztmp\tmp84301.exe' f87Vy9HaCx Windows locked 7 11 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
- '<SYSTEM32>\taskkill.exe' /f /im explorer.exe
- '<SYSTEM32>\attrib.exe' +h %TEMP%\ztmp
- %WINDIR%\Explorer.EXE
- %TEMP%\ztmp\tmp84301.exe
- %TEMP%\ztmp\tmp79401.bat
- ClassName: '(null)' WindowName: '140828/3076'
- ClassName: '(null)' WindowName: '(null)'