Техническая информация
- '%TEMP%\server.exe'
- '%WINDIR%\XXInstall\ps.exe'
- '<SYSTEM32>\schtasks.exe' /Create /TN "Update\file" /XML "%TEMP%\1685460649.xml"
- '%APPDATA%\svchosit\filename.exe'
- '<SYSTEM32>\schtasks.exe' /Delete /TN "Update\file" /F
- %WINDIR%\XXInstall\ps.exe
- <SYSTEM32>\ctfmon.exe
- egni.exe
- AVPCC.EXE
- %TEMP%\tmp10.tmp
- %TEMP%\tmp11.tmp
- %TEMP%\tmp12.tmp
- %TEMP%\tmpF.tmp
- %TEMP%\tmpC.tmp
- %TEMP%\tmpD.tmp
- %TEMP%\tmpE.tmp
- %TEMP%\tmp13.tmp
- %TEMP%\tmp17.tmp
- %TEMP%\781183485.xml
- %TEMP%\1041836689.xml
- %TEMP%\tmp16.tmp
- %TEMP%\tmp14.tmp
- %TEMP%\tmp15.tmp
- %TEMP%\server.exe
- %TEMP%\tmp1.tmp
- %TEMP%\tmp2.tmp
- %TEMP%\tmp3.tmp
- %APPDATA%\data.bin
- %APPDATA%\svchosit\filename.exe
- %TEMP%\1685460649.xml
- %TEMP%\1839314482.xml
- %TEMP%\tmp4.tmp
- %TEMP%\tmp9.tmp
- %TEMP%\tmpA.tmp
- %TEMP%\tmpB.tmp
- %TEMP%\tmp8.tmp
- %TEMP%\tmp5.tmp
- %TEMP%\tmp6.tmp
- %TEMP%\tmp7.tmp
- %APPDATA%\svchosit\filename.exe
- %APPDATA%\svchosit\filename.exe
- %TEMP%\1685460649.xml
- ClassName: 'Shell_TrayWnd' WindowName: ''