Техническая информация
- %WINDIR%\Tasks\At1.job
- '%TEMP%\043.exe'
- '%TEMP%\nsh3.tmp\ns4.tmp' <SYSTEM32>\cmd.exe /C at 17:00 /every:M,T,W,Th,F,Sa,Su ""%TEMP%\n2pfax.exe""
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\at.exe' 17:00 /every:M,T,W,Th,F,Sa,Su ""%TEMP%\n2pfax.exe""
- %TEMP%\nsc6.tmp\otheropt.ini
- %TEMP%\nsc6.tmp\plg.ini
- %TEMP%\nsc6.tmp\modern-wizard.bmp
- %TEMP%\nsc6.tmp\ioSpecial.ini
- %TEMP%\n2pfax.exe
- %TEMP%\nsn2.tmp
- %TEMP%\043.exe
- %TEMP%\nsh3.tmp\ns4.tmp
- %TEMP%\nsh3.tmp\nsExec.dll
- %TEMP%\043.exe
- %TEMP%\n2pfax.exe
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- <SYSTEM32>\PerfStringBackup.TMP
- %TEMP%\nsh3.tmp\ns4.tmp
- %TEMP%\nsh3.tmp\nsExec.dll
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '#32770' WindowName: ''