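Техническая информация
Обозначения в списке: <SYSTEM32> — системный каталог Windows, <HKLM> — ветвь реестра HKEY_LOCAL_MACHINE, %WINDIR% и %TEMP% — стандартные переменные окружения. Заголовки подразделов в списке, по-видимому, не сохранились: пути к файлам, параметр реестра, командные строки запускаемых процессов и классы окон идут подряд, а повторяющиеся пути, вероятно, относятся к разным подразделам.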
- %WINDIR%\Tasks\At3.job
- %WINDIR%\Tasks\At2.job
- %WINDIR%\Tasks\At1.job
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\tscons.exe' = '<SYSTEM32>\tscons.exe:*:Enabled:tscons'
- '<SYSTEM32>\at.exe' 1:00 /interactive /every:1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 "<SYSTEM32>\vsvc.exe"
- '<SYSTEM32>\at.exe' 2:00 /interactive /every:1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 "<SYSTEM32>\vsvc.exe"
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\at.exe' 0:00 /interactive /every:1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 "<SYSTEM32>\vsvc.exe"
- '<SYSTEM32>\cmd.exe' /c ""<SYSTEM32>\tmp4.bat" "
- '<SYSTEM32>\at.exe' /delete /yes
- '%WINDIR%\regedit.exe' /s tmp.reg
- <SYSTEM32>\tmp.reg
- <SYSTEM32>\tmp4.bat
- %TEMP%\$inst\0001.tmp
- %TEMP%\K-Lite_Codec_Pack_570_Full.exe
- <SYSTEM32>\VFPADBC.TXT
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- <SYSTEM32>\tscons.exe
- <SYSTEM32>\vsvc.exe
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- <SYSTEM32>\PerfStringBackup.TMP
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\0001.tmp
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''