Техническая информация
- '<SYSTEM32>\find.exe' /i "cbmain.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "cbmain.ex"
- '<SYSTEM32>\taskkill.exe' /f /im "cbmain.exe"
- '<SYSTEM32>\taskkill.exe' /f /im "cbsmain.exe"
- '<SYSTEM32>\find.exe' /i "cbsmain.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "bk.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /pid=1944
- '<SYSTEM32>\taskkill.exe' /pid=1956
- '<SYSTEM32>\find.exe' /pid=1964
- '<SYSTEM32>\find.exe' /i "cbank.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "clbank.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "clntw32.exe"
- '<SYSTEM32>\find.exe' /i "clntw32.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "contactNG.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "el_cli.ex" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "contactNG.exe"
- '<SYSTEM32>\find.exe' /i "client7.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "clbank.exe"
- '<SYSTEM32>\taskkill.exe' /f /im "client7.exe"
- '<SYSTEM32>\taskkill.exe' /f /im "clmain.exe"
- '<SYSTEM32>\find.exe' /i "clmain.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "bclient.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "outpost.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "nod32.exe"
- '<SYSTEM32>\find.exe' /pid=3084
- '<SYSTEM32>\find.exe' /i "spidernt.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /pid=1764
- '<SYSTEM32>\taskkill.exe' /f /im "netxray.exe"
- '<SYSTEM32>\find.exe' /i "netxray.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "nod.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "nod32.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "nod.exe"
- '<SYSTEM32>\taskkill.exe' /pid=1804
- '<SYSTEM32>\find.exe' /i "BBClient.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /pid=1348
- '<SYSTEM32>\taskkill.exe' /pid=1836
- '<SYSTEM32>\taskkill.exe' /pid=1876
- '<SYSTEM32>\find.exe' /i "bc_loader.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /pid=1752
- '<SYSTEM32>\find.exe' /i "zapro.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "ZONEALARM.EXE" "1w.txt"
- '<SYSTEM32>\find.exe' /i "bankcl.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /pid=1088
- '<SYSTEM32>\taskkill.exe' /f /im "el_cli.ex"
- '<SYSTEM32>\taskkill.exe' /f /im "translink.exe"
- '<SYSTEM32>\find.exe' /pid=1800
- '<SYSTEM32>\find.exe' /i "UniStream.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /pid=1348
- '<SYSTEM32>\find.exe' /f /im "UniStream.exe"
- '<SYSTEM32>\find.exe' /i "startclient7.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "sgbclient.exe"
- '<SYSTEM32>\taskkill.exe' /f /im "startclient7.exe"
- '<SYSTEM32>\taskkill.exe' /f /im "tiny.exe"
- '<SYSTEM32>\taskkill.exe' /i "tiny.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "webmoney.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /pid=1076
- '<SYSTEM32>\find.exe' /i "safari.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "cabalmain.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "ccapp.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "cabalmain.exe"
- '<SYSTEM32>\find.exe' /i "firefox.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "chrome.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "iexplore.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /pid=1072
- '<SYSTEM32>\taskkill.exe' /f /im "iexplore.exe"
- '<SYSTEM32>\find.exe' /i "sgbclient.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "iscc.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "intpro.exe"
- '<SYSTEM32>\taskkill.exe' /f /im "iscc.exe"
- '<SYSTEM32>\taskkill.exe' /f /im "ISClient.exe"
- '<SYSTEM32>\find.exe' /pid=112
- '<SYSTEM32>\taskkill.exe' /f /im "elbank.exe"
- '<SYSTEM32>\find.exe' /i "elbank.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "inbank-start-ff.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "intpro.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "inbank-start-ff.exe"
- '<SYSTEM32>\find.exe' /i "kb_cli.ex" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "oncbcli.exe"
- '<SYSTEM32>\spoolsv.exe' /i "oncbcli.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "rclient.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "rclient.exe"
- '<SYSTEM32>\find.exe' /pid=468
- '<SYSTEM32>\find.exe' /f /im "kb_cli.ex"
- '<SYSTEM32>\find.exe' /pid=2932
- '<SYSTEM32>\find.exe' /i "kb_cli.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "loadmain.exe"
- '<SYSTEM32>\taskkill.exe' /f /im "kb_cli.exe"
- '<SYSTEM32>\taskkill.exe' /f /im "NAVAPW32.EXE"
- '<SYSTEM32>\find.exe' /i "ashAvSrv.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "ashAvast.exe"
- '<SYSTEM32>\taskkill.exe' /f /im "ashAvSrv.exe"
- '<SYSTEM32>\taskkill.exe' /f /im "avgcc.exe"
- '<SYSTEM32>\find.exe' /i "avgcc.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "aion.exe"
- '<SYSTEM32>\find.exe' /i "aion.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "ash.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "ashAvast.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "ash.exe"
- '<SYSTEM32>\find.exe' /i "AVGCC32.EXE" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "AVP.EXE"
- '<SYSTEM32>\find.exe' /i "AVP.EXE" "1w.txt"
- '<SYSTEM32>\find.exe' /i "AVP32.EXE" "1w.txt"
- '<SYSTEM32>\find.exe' /i "AVPCC.EXE" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "AVP32.EXE"
- '<SYSTEM32>\find.exe' /i "AVGCTRL.EXE" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "AVGCC32.EXE"
- '<SYSTEM32>\taskkill.exe' /f /im "AVGCTRL.EXE"
- '<SYSTEM32>\taskkill.exe' /f /im "AVP.COM"
- '<SYSTEM32>\find.exe' /i "AVP.COM" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "ageofconan.exe"
- '<SYSTEM32>\find.exe' /i "csrss.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "smss.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "winlogon.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "lsass.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "services.exe" "1w.txt"
- '<SYSTEM32>\tasklist.exe' /nh /FO CSV
- '<SYSTEM32>\wscript.exe' "c:\112\1.vbs"
- '<SYSTEM32>\find.exe' /i "System Idle Process" "1w.txt"
- '<SYSTEM32>\find.exe' /i "System" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "System Idle Process"
- '<SYSTEM32>\find.exe' /i "svchost.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "alg.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "<Служебное имя>Log.exe"
- '<SYSTEM32>\find.exe' /i "360tray.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "ageofconan.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "360tray.exe"
- '<SYSTEM32>\find.exe' /i "spoolsv.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "explorer.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "spoolsv.exe"
- '<SYSTEM32>\find.exe' /i "<Служебное имя>Log.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "ctfmon.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "AVPCC.EXE"
- '<SYSTEM32>\taskkill.exe' /f /im "ekrn.exe"
- '<SYSTEM32>\find.exe' /i "ekrn.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "fsav.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /pid=2716
- '<SYSTEM32>\taskkill.exe' /f /im "fsav.exe"
- '<SYSTEM32>\find.exe' /i "ecmd.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "Drwebwcl.exe"
- '<SYSTEM32>\taskkill.exe' /f /im "ecmd.exe"
- '<SYSTEM32>\taskkill.exe' /f /im "egni.exe"
- '<SYSTEM32>\find.exe' /i "egni.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "fsav32.exe"
- '<SYSTEM32>\taskkill.exe' /f /im "GUARD.EXE"
- '<SYSTEM32>\find.exe' /i "GUARD.EXE" "1w.txt"
- '<SYSTEM32>\find.exe' /i "mpftray.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "NAVAPW32.EXE" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "mpftray.exe"
- '<SYSTEM32>\find.exe' /f /im "fsavaui.exe"
- '<SYSTEM32>\find.exe' /i "fsavaui.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "fsavgui.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /pid=2996
- '<SYSTEM32>\taskkill.exe' /f /im "fsavgui.exe"
- '<SYSTEM32>\spoolsv.exe'
- '<SYSTEM32>\find.exe' /i "bdss.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "bdagent.exe"
- '<SYSTEM32>\taskkill.exe' /f /im "bdss.exe"
- '<SYSTEM32>\taskkill.exe' /f /im "bdsubmit.exe"
- '<SYSTEM32>\find.exe' /i "bdsubmit.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "AVPM.EXE"
- '<SYSTEM32>\find.exe' /i "AVPM.EXE" "1w.txt"
- '<SYSTEM32>\find.exe' /i "AVSYNMGR.EXE" "1w.txt"
- '<SYSTEM32>\find.exe' /i "bdagent.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "AVSYNMGR.EXE"
- '<SYSTEM32>\find.exe' /i "ClamWin.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "drweb386.exe"
- '<SYSTEM32>\find.exe' /i "drweb386.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "Drwebupw.exe" "1w.txt"
- '<SYSTEM32>\find.exe' /i "Drwebwcl.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "Drwebupw.exe"
- '<SYSTEM32>\find.exe' /i "drweb.exe" "1w.txt"
- '<SYSTEM32>\taskkill.exe' /f /im "ClamWin.exe"
- '<SYSTEM32>\taskkill.exe' /f /im "drweb.exe"
- '<SYSTEM32>\taskkill.exe' /f /im "Drweb32w.exe"
- '<SYSTEM32>\find.exe' /i "Drweb32w.exe" "1w.txt"
- <SYSTEM32>\taskkill.exe
- <SYSTEM32>\spoolsv.exe
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\find.exe
- zapro.exe
- BBClient.exe
- GUARD.EXE
- AVPM.EXE
- fsav32.exe
- cbmain.ex
- cbmain.exe
- bk.exe
- bc_loader.exe
- bclient.exe
- avgcc.exe
- AVGCC32.EXE
- ashAvSrv.exe
- ash.exe
- ashAvast.exe
- AVP32.EXE
- AVPCC.EXE
- AVP.EXE
- AVGCTRL.EXE
- AVP.COM
- <SYSTEM32>\spoolsv.exe
- C:\112\hosts.txt
- C:\112\1w.txt
- C:\112\1.vbs
- C:\112\1.bat
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'