Техническая информация
- [<HKCU>\SOFTWARE\Ghisler\Total Commander]
- %TEMP%\texpros.exe
- %TEMP%\totalcmd950b4x32_64.exe
- %TEMP%\7zs494f52de\tcmain.inf
- %TEMP%\7zs494f52de\totalcmd950b4x32_64.cab
- %TEMP%\7zs494f52de\totalcmdbetainst.exe
- '%TEMP%\texpros.exe'
- '%TEMP%\totalcmd950b4x32_64.exe'
- '%TEMP%\7zs494f52de\totalcmdbetainst.exe' tcmain.inf
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -windowstyle hidden (Start-Process -FilePath $env:Temp\texpros.exe) (со скрытым окном)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -windowstyle hidden (Start-Process -FilePath $env:Temp\totalcmd950b4x32_64.exe) (со скрытым окном)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -windowstyle hidden (Start-Process -FilePath $env:Temp\texpros.exe)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -windowstyle hidden (Start-Process -FilePath $env:Temp\totalcmd950b4x32_64.exe)