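Technical Information
The entries below are behaviour recorded for the analysed sample; the sub-headings that grouped them are missing from this copy. In order, they are: task files under <SYSTEM32>\tasks, other file-system paths the sample touched, one network endpoint with its HTTP request, and the processes it launched. The '#' characters in the address and URL appear to be redaction in the source report, not part of the values. Almost all launched processes are schtasks.exe /create calls that register the listed executables to run at logon (/sc ONLOGON) and every few minutes (/sc MINUTE), many with /rl HIGHEST. The executables reuse Windows system and browser process names (csrss, lsass, wininit, explorer, firefox, ...) but sit outside those programs' normal directories, so the full path rather than the file name is the distinguishing attribute.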
- <SYSTEM32>\tasks\csrssc
- <SYSTEM32>\tasks\firefox
- <SYSTEM32>\tasks\firefoxf
- <SYSTEM32>\tasks\wininit
- <SYSTEM32>\tasks\lsass
- <SYSTEM32>\tasks\lsassl
- <SYSTEM32>\tasks\wininitw
- <SYSTEM32>\tasks\wudfhost
- <SYSTEM32>\tasks\wudfhostw
- <SYSTEM32>\tasks\spoolsv
- <SYSTEM32>\tasks\spoolsvs
- <SYSTEM32>\tasks\explorere
- <SYSTEM32>\tasks\explorer
- <SYSTEM32>\tasks\system
- <SYSTEM32>\tasks\systems
- <SYSTEM32>\tasks\taskhost
- <SYSTEM32>\tasks\taskhostt
- <SYSTEM32>\tasks\iexplore
- <SYSTEM32>\tasks\csrss
- <SYSTEM32>\tasks\iexplorei
- <SYSTEM32>\tasks\dwmd
- <SYSTEM32>\tasks\dwm
- C:\users\default\csrss.exe
- C:\recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\wudfhost.exe
- C:\recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\480b7989c529f6
- C:\totalcmd\language\wininit.exe
- C:\totalcmd\language\56085415360792
- %WINDIR%\offline web pages\lsass.exe
- %WINDIR%\offline web pages\6203df4a6bafc7
- %WINDIR%\en-us\886983d96e3d3e
- %HOMEPATH%\system.exe
- C:\recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\explorer.exe
- C:\recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\7a0fd90576e088
- C:\totalcmd\language\firefox.exe
- C:\totalcmd\language\0fc223bdacedc3
- C:\far2\documentation\rus\dwm.exe
- C:\far2\documentation\rus\6cb0b6c459d5d3
- <Current directory>\886983d96e3d3e
- <Current directory>\csrss.exe
- C:\totalcmd\language\f3b6ecef712a24
- C:\totalcmd\language\spoolsv.exe
- %ProgramFiles%\ashdisp\9db6e019d4f04e
- %ProgramFiles%\ashdisp\iexplore.exe
- %ProgramFiles(x86)%\k-lite codec pack\icaros\7a0fd90576e088
- %ProgramFiles(x86)%\k-lite codec pack\icaros\explorer.exe
- %HOMEPATH%\27d1bcfc3c54e0
- %WINDIR%\en-us\csrss.exe
- C:\recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\886983d96e3d3e
- C:\recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\csrss.exe
- C:\far2\fexcept\b75386f1303e64
- C:\far2\fexcept\taskhost.exe
- <Current directory>\9db6e019d4f04e
- <Current directory>\iexplore.exe
- C:\users\default\886983d96e3d3e
- C:\totalcmd\language\csrss.exe
- C:\totalcmd\language\886983d96e3d3e
- '21#.#09.196.49':80
- http://21#.#09.196.49/ProcessorWindows.php?kb####################################################################################################################################################...
- '%ProgramFiles(x86)%\k-lite codec pack\icaros\explorer.exe'
- '%ProgramFiles(x86)%\k-lite codec pack\icaros\explorer.exe' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /create /tn "csrssc" /sc MINUTE /mo 7 /tr "'C:\Users\Default\csrss.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "csrssc" /sc MINUTE /mo 11 /tr "'<Current directory>\csrss.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "WUDFHostW" /sc MINUTE /mo 9 /tr "'C:\Recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\WUDFHost.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "WUDFHost" /sc ONLOGON /tr "'C:\Recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\WUDFHost.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "WUDFHostW" /sc MINUTE /mo 7 /tr "'C:\Recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\WUDFHost.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "wininitw" /sc MINUTE /mo 6 /tr "'C:\totalcmd\LANGUAGE\wininit.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "wininit" /sc ONLOGON /tr "'C:\totalcmd\LANGUAGE\wininit.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "wininitw" /sc MINUTE /mo 5 /tr "'C:\totalcmd\LANGUAGE\wininit.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "lsassl" /sc MINUTE /mo 8 /tr "'%WINDIR%\Offline Web Pages\lsass.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "lsass" /sc ONLOGON /tr "'%WINDIR%\Offline Web Pages\lsass.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "lsassl" /sc MINUTE /mo 13 /tr "'%WINDIR%\Offline Web Pages\lsass.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "csrssc" /sc MINUTE /mo 9 /tr "'%WINDIR%\en-US\csrss.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "csrss" /sc ONLOGON /tr "'%WINDIR%\en-US\csrss.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "csrssc" /sc MINUTE /mo 13 /tr "'%WINDIR%\en-US\csrss.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "explorere" /sc MINUTE /mo 9 /tr "'C:\Recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\explorer.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "explorer" /sc ONLOGON /tr "'C:\Recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\explorer.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "explorere" /sc MINUTE /mo 11 /tr "'C:\Recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\explorer.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "firefoxf" /sc MINUTE /mo 6 /tr "'C:\totalcmd\LANGUAGE\firefox.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "firefox" /sc ONLOGON /tr "'C:\totalcmd\LANGUAGE\firefox.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "firefoxf" /sc MINUTE /mo 6 /tr "'C:\totalcmd\LANGUAGE\firefox.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "dwmd" /sc MINUTE /mo 13 /tr "'C:\Far2\Documentation\rus\dwm.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "dwm" /sc ONLOGON /tr "'C:\Far2\Documentation\rus\dwm.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "dwmd" /sc MINUTE /mo 5 /tr "'C:\Far2\Documentation\rus\dwm.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "csrssc" /sc MINUTE /mo 5 /tr "'C:\totalcmd\LANGUAGE\csrss.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "csrss" /sc ONLOGON /tr "'<Current directory>\csrss.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "csrss" /sc ONLOGON /tr "'C:\totalcmd\LANGUAGE\csrss.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "csrssc" /sc MINUTE /mo 6 /tr "'<Current directory>\csrss.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "spoolsv" /sc ONLOGON /tr "'C:\totalcmd\LANGUAGE\spoolsv.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "csrss" /sc ONLOGON /tr "'C:\Users\Default\csrss.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "csrssc" /sc MINUTE /mo 6 /tr "'C:\Users\Default\csrss.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "iexplorei" /sc MINUTE /mo 11 /tr "'<Current directory>\iexplore.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "iexplore" /sc ONLOGON /tr "'<Current directory>\iexplore.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "iexplorei" /sc MINUTE /mo 12 /tr "'<Current directory>\iexplore.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "iexplorei" /sc MINUTE /mo 5 /tr "'<Current directory>\iexplore.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "iexplorei" /sc MINUTE /mo 14 /tr "'<Current directory>\iexplore.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "taskhostt" /sc MINUTE /mo 12 /tr "'C:\Far2\FExcept\taskhost.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "taskhost" /sc ONLOGON /tr "'C:\Far2\FExcept\taskhost.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "taskhostt" /sc MINUTE /mo 11 /tr "'C:\Far2\FExcept\taskhost.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "csrssc" /sc MINUTE /mo 8 /tr "'C:\Recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\csrss.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "csrss" /sc ONLOGON /tr "'C:\Recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\csrss.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "csrssc" /sc MINUTE /mo 6 /tr "'C:\Recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\csrss.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "SystemS" /sc MINUTE /mo 5 /tr "'%HOMEPATH%\System.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "System" /sc ONLOGON /tr "'%HOMEPATH%\System.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "SystemS" /sc MINUTE /mo 5 /tr "'%HOMEPATH%\System.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "explorere" /sc MINUTE /mo 9 /tr "'%ProgramFiles(x86)%\K-Lite Codec Pack\Icaros\explorer.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "explorer" /sc ONLOGON /tr "'%ProgramFiles(x86)%\K-Lite Codec Pack\Icaros\explorer.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "explorere" /sc MINUTE /mo 8 /tr "'%ProgramFiles(x86)%\K-Lite Codec Pack\Icaros\explorer.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "iexplorei" /sc MINUTE /mo 5 /tr "'%ProgramFiles%\ashDisp\iexplore.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "iexplore" /sc ONLOGON /tr "'%ProgramFiles%\ashDisp\iexplore.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "iexplorei" /sc MINUTE /mo 7 /tr "'%ProgramFiles%\ashDisp\iexplore.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "spoolsvs" /sc MINUTE /mo 5 /tr "'C:\totalcmd\LANGUAGE\spoolsv.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "spoolsvs" /sc MINUTE /mo 11 /tr "'C:\totalcmd\LANGUAGE\spoolsv.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "csrssc" /sc MINUTE /mo 5 /tr "'C:\totalcmd\LANGUAGE\csrss.exe'" /rl HIGHEST /f