Техническая информация
- '%TEMP%\sigcheck\svchost.exe' /accepteula -e -u -q -v "<SYSTEM32>\lsass.exe"
- '%TEMP%\sigcheck\svchost.exe' /accepteula -e -u -q -v "<SYSTEM32>\svchost.exe"
- '%TEMP%\sigcheck\svchost.exe' /accepteula -e -u -q -v "%WINDIR%\Explorer.EXE"
- '%TEMP%\sigcheck\svchost.exe' /accepteula -e -u -q -v "<SYSTEM32>\smss.exe"
- '%TEMP%\sigcheck\svchost.exe' /accepteula -e -u -q -v "<SYSTEM32>\winlogon.exe"
- '%TEMP%\sigcheck\svchost.exe' /accepteula -e -u -q -v "<SYSTEM32>\services.exe"
- '<SYSTEM32>\reg.exe' save HKLM\SOFTWARE %WINDIR%\temp\pandascan\pcheckbackup\20140611170150\software
- '<SYSTEM32>\reg.exe' save HKLM\SYSTEM %WINDIR%\temp\pandascan\pcheckbackup\20140611170150\system
- %WINDIR%\Temp\PANDASCAN\pcheckbackup\20140611170150\software
- %WINDIR%\Temp\PANDASCAN\pcheckbackup\20140611170150\system
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\3C83474D61E624A4F9844DF935AFE217
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\3C83474D61E624A4F9844DF935AFE217
- <Текущая директория>\PCHECK.LOG
- %WINDIR%\md5hash.dll
- %TEMP%\aut1.tmp
- %TEMP%\sigcheck\svchost.exe
- %TEMP%\aut2.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- '20#.#6.232.182':80
- 'wp#d':80
- 20#.#6.232.182/pki/crl/products/WindowsPCA.crl
- wp#d/wpad.dat
- DNS ASK crl.microsoft.com
- DNS ASK wp#d
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'