Техническая информация
- '%WINDIR%\Temp\zbr\inst.exe'
- '<SYSTEM32>\wbem\scrcons.exe' -Embedding
- '<SYSTEM32>\wbem\mofcomp.exe' -N:root\subscription inst.dat
- '<SYSTEM32>\wbem\mofcomp.exe' -N:root\subscription %WINDIR%\zdf.tft
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\assembly\ber\st.bat" "
- '<SYSTEM32>\schtasks.exe' /Delete /TN bks /F
- '<SYSTEM32>\schtasks.exe' /Delete /TN aks /F
- '<SYSTEM32>\sc.exe' delete ReConnectionManager
- '<SYSTEM32>\sc.exe' stop ReConnectionManager
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\temp\zbr\int.bat" "
- '<SYSTEM32>\ping.exe' -n 6 127.1
- '<SYSTEM32>\taskkill.exe' /f /im primecoin-qt.exe
- '<SYSTEM32>\taskkill.exe' /f /im smssz.exe
- %WINDIR%\assembly\ber\svchost.exe
- %WINDIR%\assembly\bak\st.bak
- %WINDIR%\assembly\ber\st.bat
- %TEMP%\tmp1.tmp
- %WINDIR%\zdf.tft
- %WINDIR%\assembly\bak\nbr.bak
- %WINDIR%\Temp\zbr\svc.ex
- %WINDIR%\Temp\zbr\st.bat
- %WINDIR%\Temp\zbr\inst.dat
- %WINDIR%\Temp\zbr\int.bat
- %WINDIR%\Temp\zbr\inst.exe
- %WINDIR%\Temp\zbr\inst.exe
- %WINDIR%\Temp\zbr\st.bat
- %TEMP%\tmp1.tmp
- %WINDIR%\zdf.tft
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'