Техническая информация
- '<SYSTEM32>\schtasks.exe' /create /sc onlogon /tn "Antivirus" /rl highest /tr "'%ProgramFiles%\User\Administrator.exe' /startup" /f
- <SYSTEM32>\wbem\wmiprvse.exe
- %TEMP%\oembed.xml
- %TEMP%\bu.js
- %TEMP%\path.r
- %ProgramFiles%\User\Administrator.exe
- %TEMP%\nsk3.tmp\System.dll
- %TEMP%\rKMmpP5upzp=
- %TEMP%\nss2.tmp
- %TEMP%\oembed.json
- %TEMP%\favicon.ico1040350830.x-icon
- %TEMP%\follow_07.png
- 'wx###xia0.com':9847
- 'my#.#aflck.com':9847
- DNS ASK wx###xia0.com
- DNS ASK my#.#aflck.com
- ClassName: 'supply' WindowName: ''
- ClassName: 'slot' WindowName: ''
- ClassName: 'zone' WindowName: ''
- ClassName: 'participation' WindowName: ''
- ClassName: 'wartime' WindowName: ''
- ClassName: 'prop' WindowName: ''
- ClassName: 'cellar' WindowName: ''
- ClassName: 'charts' WindowName: ''
- ClassName: 'stand' WindowName: ''
- ClassName: 'appropriation' WindowName: ''
- ClassName: 'benches' WindowName: ''
- ClassName: 'grids' WindowName: ''
- ClassName: 'sites' WindowName: ''
- ClassName: 'preference' WindowName: ''
- ClassName: 'sizing' WindowName: ''