Техническая информация
- '%TEMP%\TT.exe'
- '%TEMP%\XWiNKEY.exe'
- '<SYSTEM32>\taskkill.exe' -f -im "crossfire.exe"
- '<SYSTEM32>\reg.exe' add "HKCU\Software\microsoft\windows\currentversion\policies\system" /v "disabletaskmgr" /t reg_dword /d "00000000" /f
- '<SYSTEM32>\taskkill.exe' -f -im "QQ.exe"
- '<SYSTEM32>\wscript.exe' "%TEMP%\RUN.VBS"
- '<SYSTEM32>\taskkill.exe' -f -im "taskmgr.exe"
- %TEMP%\run.bat
- %TEMP%\RUN.VBS
- %TEMP%\TT
- %TEMP%\XWiNKEY.ini
- %TEMP%\TT.exe
- %TEMP%\XWiNKEY.exe
- %TEMP%\run.bat
- %TEMP%\RUN.VBS
- %TEMP%\TT
- %TEMP%\XWiNKEY.ini
- %TEMP%\TT.exe
- %TEMP%\XWiNKEY.exe
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'