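Техническая информация
Примечание: в этом фрагменте утрачены подзаголовки разделов. Судя по содержимому, строки с командами (ctfmon.exe, attrib.exe, rundll32.exe, cacls.exe, wscript.exe, cmd.exe) — это запускаемые процессы, далее перечислены пути к файлам (повторы, вероятно, относятся к разным утраченным разделам), а две последние строки — классы окон. Файл ctfmon.exe находится в C:\YtM5f2, а не в <SYSTEM32>, где расположен штатный ctfmon.exe, — вероятно, это маскировка под системный файл. Команды attrib +H +R устанавливают атрибуты «скрытый» и «только чтение». cacls /T /P everyone:N рекурсивно заменяет права так, что группе «Все» доступ запрещён, а /P everyone:F даёт ей полный доступ к временному каталогу.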
- C:\YtM5f2\ctfmon.exe
- <SYSTEM32>\attrib.exe +H +R "C:\YtM5f2"
- <SYSTEM32>\attrib.exe +H +R ""%TEMP%\e82ca2df5b3f95dfb17c8482a0943b0f.dat""
- <SYSTEM32>\rundll32.exe C:\53360R\Y590.kgf itf1
- <SYSTEM32>\cacls.exe ""%TEMP%\e82ca2df5b3f95dfb17c8482a0943b0f.dat"" /T /P everyone:N
- <SYSTEM32>\wscript.exe C:\YtM5f2\906.vbs
- <SYSTEM32>\rundll32.exe <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen C:\temp.jpg
- <SYSTEM32>\cacls.exe ""%HOMEPATH%\Local Settings\Temp"" /T /P everyone:F
- <SYSTEM32>\cmd.exe /c C:\YtM5f2\628.bat
- C:\log.ini
- C:\YtM5f2\628.bat
- C:\YtM5f2\906.vbs
- <SYSTEM32>\kb-x86-anti.xml
- C:\53360R\Y590.kgf
- <SYSTEM32>\WinX86.log
- <SYSTEM32>\bak8011252.log
- %HOMEPATH%\Recent\Local Disk (C).lnk
- %HOMEPATH%\Recent\temp.lnk
- C:\temp.jpg
- C:\ms6733.tmp
- C:\ms3577.tmp
- %TEMP%\113234.tmp
- %TEMP%\113234.tmp
- C:\log.ini
- C:\YtM5f2\906.vbs
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''