Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\speakerssystemtoasticon.vbs
- C:\users\public\scheduletime_80.contrast-black.ps1
- C:\users\public\remoteapplifetimemanager.vbs
- 'on####ve.live.com':443
- 'pr####.#m.files.1drv.com':443
- DNS ASK on####ve.live.com
- DNS ASK pr####.#m.files.1drv.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -nologo -ExecutionPolicy Unrestricted -File C:\Users\Public\ScheduleTime_80.contrast-black.ps1
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\RemoteAppLifetimeManager.vbs"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -nologo -ExecutionPolicy Unrestricted -File C:\Users\Public\ScheduleTime_80.contrast-black.ps1 (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c copy "C:\Users\Public\RemoteAppLifetimeManager.vbs" "%HOMEPATH%/AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeakersSystemToastIcon.vbs" /Y (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c copy "C:\Users\Public\RemoteAppLifetimeManager.vbs" "%HOMEPATH%/AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeakersSystemToastIcon.vbs" /Y