Technical Information
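Command lines executed (heading inferred; the original section heading appears to have been lost in extraction). The net stop and taskkill entries target antivirus components: amon and nod32krn.exe belong to ESET NOD32, avp.exe to Kaspersky.
- <SYSTEM32>\net1.exe stop amon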
- <SYSTEM32>\taskkill.exe /IM nod32krn.exe /F /T
- <SYSTEM32>\ntvdm.exe -f
- <SYSTEM32>\taskkill.exe /IM avp.exe /F /T
- <SYSTEM32>\tree.com
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\nod32.bat""
- <SYSTEM32>\net.exe stop amon
- <SYSTEM32>\msg.exe * by upO aka Dark_Apocal1pce
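Process name listed on its own (heading missing; presumably a process the sample attempts to terminate, consistent with the taskkill entry for avp.exe):
- AVP.EXE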
File paths (heading missing; presumably files the sample creates):
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs3.tmp
- %TEMP%\1.tmp\nod32.bat
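- <Current directory>\eicar.com (eicar.com is the conventional file name of the EICAR antivirus test file; this listing does not show the file's content)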
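File paths repeated from earlier in the list (heading missing; in reports of this layout a repeated list is usually the files deleted afterwards, to be confirmed against the original report):
- %TEMP%\1.tmp\nod32.bat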
- %WINDIR%\Temp\scs3.tmp
- %WINDIR%\Temp\scs2.tmp
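Windows identified by class name and title (heading missing; presumably windows the sample searches for):
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-a78.a7c.340004'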
- ClassName: '' WindowName: ''