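Техническая информация
Примечание: штатные svchost.exe и spoolsv.exe Windows расположены в каталоге <SYSTEM32>, а explorer.exe — в %WINDIR%. Перечисленные ниже пути (%WINDIR%\svchost.exe, %WINDIR%\spoolsv.exe, <SYSTEM32>\explorer.exe) этому не соответствуют, то есть файлы лишь носят имена системных процессов. Наличие исполняемых файлов с такими именами по этим путям — повод для проверки узла.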
- %WINDIR%\Tasks\At1.job
- '%WINDIR%\svchost.exe'
- '%WINDIR%\spoolsv.exe' PR
- '<SYSTEM32>\explorer.exe'
- '%WINDIR%\spoolsv.exe' SE
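- '<SYSTEM32>\at.exe' 20:01 /interactive /every:M,T,W,Th,F,S,Su %WINDIR%\svchost.exe
  (эта команда планирует запуск %WINDIR%\svchost.exe в 20:01 во все дни недели; по-видимому, этому заданию соответствует указанный выше файл %WINDIR%\Tasks\At1.job, поэтому при очистке системы следует удалить и само задание планировщика, а не только исполняемые файлы)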
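- '<SYSTEM32>\rundll32.exe' inetcpl.cpl,ClearMyTracksByProcess 255
  (вызов ClearMyTracksByProcess со значением 255 удаляет все данные просмотра Internet Explorer: журнал, cookie, временные файлы, данные форм и сохранённые пароли; при расследовании нужно учитывать, что эти артефакты на узле могут отсутствовать)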
- <Полный путь к вирусу>
- %WINDIR%\svchost.exe
- %WINDIR%\spoolsv.exe
- <SYSTEM32>\explorer.exe
- %WINDIR%\svchost.exe
- %WINDIR%\spoolsv.exe
- <SYSTEM32>\explorer.exe
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
  (Shell_TrayWnd — класс окна панели задач оболочки Windows)