Техническая информация
- %WINDIR%\Tasks\At1.job
- %WINDIR%\Tasks\At2.job
- %WINDIR%\Tasks\At3.job
- %WINDIR%\Tasks\At4.job
- %WINDIR%\Tasks\At5.job
- '<SYSTEM32>\at.exe' \\127.0.0.1 10:45 "%HOMEPATH%\zJFmv.exe\zJFmv.exe"
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
- %HOMEPATH%\zJFmv.exe\zJFmv.exe
- %HOMEPATH%\zJFmv.exe\xF.cj
- %TEMP%\aut1.tmp
- %TEMP%\TQBXjjAIx.WH
- %HOMEPATH%\zJFmv.exe\zJFmv.exe:Zone.Identifier
- %TEMP%\~pwjorai.tmp
- \Device\LanmanRedirector\127.0.0.1\PIPE\atsvc
- %HOMEPATH%\zJFmv.exe\zJFmv.exe
- %TEMP%\aut1.tmp
- %TEMP%\~pwjorai.tmp
- 'localhost':445
- 'localhost':139
- ClassName: 'EDIT' WindowName: ''
- '%HOMEPATH%\zJFmv.exe\zJFmv.exe'
- '%HOMEPATH%\zJFmv.exe\zJFmv.exe' /AutoIt3ExecuteScript "%TEMP%\~pwjorai.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe'
- '<SYSTEM32>\cmd.exe' /c AT \\127.0.0.1 10:45 "%HOMEPATH%\zJFmv.exe\zJFmv.exe"
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 1 /tn "zJFmv.exe" /tr "%HOMEPATH%\zJFmv.exe\zJFmv.exe" /f