Техническая информация
- %WINDIR%\Tasks\At3.job
- %WINDIR%\Tasks\At4.job
- %WINDIR%\Tasks\At1.job
- %WINDIR%\Tasks\At2.job
- скрытых файлов
- <SYSTEM32>\attrib.exe +a +s +h <SYSTEM32>\3com_dmi\~\XZWDDD.BAT
- <SYSTEM32>\attrib.exe +r +a +s +h %WINDIR%\Tasks\*.job
- %WINDIR%\regedit.exe /s "%HOMEPATH%\Local Settings\Temp.\Tmp.reg"
- <SYSTEM32>\gpupdate.exe /force
- <SYSTEM32>\ping.exe -n 2 127.0.0.1
- <SYSTEM32>\at.exe 11:00 /every:1,2 <SYSTEM32>\3com_dmi\XZWDDD.BAT
- <SYSTEM32>\net1.exe start "Task Scheduler"
- <SYSTEM32>\mode.com con COLS=58 LINES=1
- <SYSTEM32>\at.exe 16:55,2010-01-31 <SYSTEM32>\3com_dmi\XZWDDD.BAT
- <SYSTEM32>\at.exe 17:00 /every:T,W <SYSTEM32>\3com_dmi\XZWDDD.BAT
- <SYSTEM32>\at.exe 16:55,2010-02-31 <SYSTEM32>\3com_dmi\XZWDDD.BAT
- %TEMP%\Tmp.reg
- <SYSTEM32>\3com_dmi\~\XZWDDD.BAT
- %TEMP%\bt13438.bat
- %WINDIR%\Tasks\At3.job
- %WINDIR%\Tasks\At4.job
- <SYSTEM32>\3com_dmi\~\XZWDDD.BAT
- %TEMP%\bt13438.bat
- %WINDIR%\Tasks\At1.job
- %WINDIR%\Tasks\At2.job
- %TEMP%\bt13438.bat
- %TEMP%\Tmp.reg
- ClassName: 'RegEdit_RegEdit' WindowName: ''