Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Scheduler' = '%APPDATA%\MSScheduler\Scheduler.exe' (значение в ключе реестра Run: указанный файл запускается при каждом входе пользователя в систему)
- '%APPDATA%\MSScheduler\Scheduler.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '%WINDIR%\explorer.exe' %APPDATA%\MSScheduler\kage.jpg
- %APPDATA%\MSScheduler\DirList\20150203-045325.txt
- %APPDATA%\MSScheduler\klog\Lf_20150203-045325.txt
- %APPDATA%\MSScheduler\Capture\im20150203-045427.jpg
- %APPDATA%\MSScheduler\Capture\im20150203-045325.jpg
- %APPDATA%\MSScheduler\PlugIns.dll
- %APPDATA%\MSScheduler\Scheduler.exe
- %APPDATA%\MSScheduler\log_20150203-045324.txt
- %APPDATA%\MSScheduler\kage.jpg
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- из %APPDATA%\MSScheduler\Plugins.dll_ в %APPDATA%\MSScheduler\Plugins.dll
- из %APPDATA%\MSScheduler\PlugIns.dll в %APPDATA%\MSScheduler\Plugins.dll_
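- 'as###.unoeuro.com':587 (исходящее соединение; порт 587 — стандартный порт отправки почты по SMTP; символы # в именах узлов, по-видимому, заменяют скрытые знаки)
- DNS ASK ft#.#niqey.dk (DNS-запрос имени узла)
- DNS ASK wp#d (DNS-запрос имени узла)
- DNS ASK as###.unoeuro.com (DNS-запрос имени узла)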
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''