Техническая информация
- <SYSTEM32>\find.exe /i "version 6.1"
- <SYSTEM32>\netsh.exe firewall set allowedprogram <SYSTEM32>\crsst\csrsst.exe "Windows Security Module"
- <SYSTEM32>\attrib.exe -H -S <SYSTEM32>\crsst\*
- <SYSTEM32>\rundll32.exe <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\inde_taj_mahal.jpg
- <SYSTEM32>\crsst\ultravnc.ini
- %TEMP%\inde_taj_mahal.jpg
- <SYSTEM32>\crsst\crsstl.exe
- <SYSTEM32>\crsst\csrsst.exe
- <LS_APPDATA>\winvnc.exe
- <LS_APPDATA>\launch.exe
- %TEMP%\a99540.bat
- <LS_APPDATA>\image.jpg
- %TEMP%\a99540.bat
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''