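Technical Information
Note: the section labels that originally grouped the entries below are missing from this extract. Each line is a recorded command line, file path or window search, kept exactly as reported. `<SYSTEM32>` and `<LS_APPDATA>` are path placeholders used by the report (presumably the Windows System32 directory and the user's local application-data directory). The `%TEMP%` batch file is listed twice, most likely because it belonged to two different groups.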
- '<SYSTEM32>\taskkill.exe' /f /im ervd.exe
- '<SYSTEM32>\taskkill.exe' /f /im WINsvc.exe
- '<SYSTEM32>\taskkill.exe' /f /im nss3.exe
- '<SYSTEM32>\taskkill.exe' /f /im wind.exe
- <LS_APPDATA>\qb03A3D2.66\ur.exe
- <LS_APPDATA>\qb03A3D2.66\wind.exe
- <LS_APPDATA>\qb03A3D2.66\WINsvc.exe
- %TEMP%\28489P6I.bat
- <LS_APPDATA>\qb03A3D2.66\nss3.exe
- <LS_APPDATA>\qb03A3D2.66\p.rar
- %TEMP%\28489P6I.bat
- ClassName: '' WindowName: ''
- '<SYSTEM32>\attrib.exe' +h C:\ProgramData\TEMP\Microsoft\Windows\Sqm\Upload\WinRAR
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\28489P6I.bat" <Full path to file>"