Техническая информация
Изменения в файловой системе
Создает следующие файлы
- %WINDIR%\ah.exe
Изменяет следующие файлы
- <Имя диска съемного носителя>:\correct.avi
- <Имя диска съемного носителя>:\testcertificate.cer
- <Имя диска съемного носителя>:\pmd.cer
- <Имя диска съемного носителя>:\contosoroot.cer
- <Имя диска съемного носителя>:\contoso_1.cer
- <Имя диска съемного носителя>:\default.bmp
- <Имя диска съемного носителя>:\coffee.bmp
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\propsww2.cab
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\propsww.cab
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\proplusww.xml
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\proplusww.msi
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\pkeyconfig-office.xrm-ms
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\owow32ww.cab
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\office32ww.xml
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\office32ww.msi
- C:\kms\kms_vl_all_aio_debug.log
- C:\kms\kms_vl_all_aio.cmd
- C:\$recycle.bin\s-1-5-21-1238866942-1249195528-555854008-1000\desktop.ini
- <Имя диска съемного носителя>:\dialmap.bmp
- <Имя диска съемного носителя>:\tileimage.bmp
- <Имя диска съемного носителя>:\dial.bmp
- <Имя диска съемного носителя>:\toolbar.bmp
- <Имя диска съемного носителя>:\dashborder_96.bmp
- D:\install.log
- D:\$recycle.bin\s-1-5-21-1238866942-1249195528-555854008-1000\desktop.ini
- <Имя диска съемного носителя>:\dashborder_144.bmp
- <Имя диска съемного носителя>:\archer.avi
- <Имя диска съемного носителя>:\delete.avi
- <Имя диска съемного носителя>:\contoso.cer
- <Имя диска съемного носителя>:\contosoroot_1.cer
Изменяет множество файлов.
Подменяет следующие исполняемые файлы
- C:\msocache\all users\{90140000-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaa
- C:\msocache\all users\{90140000-dddddddddddddddddddddddddddddddddddd.ddd
- C:\msocache\all users\{90140000-eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee.eee
- C:\msocache\all users\{90140000-ffffffffffffffffffffffffffffffffffff.fff
- C:\msocache\all users\{90140000-gggggggggggggggggggggggggggggggggggg.ggg
- C:\msocache\all users\{90140000-hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh.hhh
- C:\msocache\all users\{90140000-iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii.iii
- C:\msocache\all users\{90140000-jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj.jjj
- C:\msocache\all users\{90140000-kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk.kkk
- C:\msocache\all users\{90140000-llllllllllllllllllllllllllllllllllll.lll
- C:\msocache\all users\{90140000-bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.bbb
- C:\msocache\all users\{90140000-cccccccccccccccccccccccccccccccccccc.ccc
- C:\msocache\all users\{90140000-mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm.mmm
- C:\msocache\all users\{90140000-pppppppppppppppppppppppppppppppppppp.ppp
- C:\msocache\all users\{90140000-qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq.qqq
- C:\msocache\all users\{90140000-rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr.rrr
- C:\msocache\all users\{90140000-ssssssssssssssssssssssssssssssssssss.sss
- C:\msocache\all users\{90140000-tttttttttttttttttttttttttttttttttttt.ttt
- C:\msocache\all users\{90140000-uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu.uuu
- C:\msocache\all users\{90140000-vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv.vvv
- C:\msocache\all users\{90140000-wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww.www
- C:\msocache\all users\{90140000-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx
- C:\msocache\all users\{90140000-nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn.nnn
- C:\msocache\all users\{90140000-oooooooooooooooooooooooooooooooooooo.ooo
- C:\msocache\all users\{90140000-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaa
- C:\msocache\all users\{90140000-zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz.zzz
- C:\msocache\all users\{90140000-yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.yyy
- C:\msocache\all users\{90140000-cccccccccccccccccccccccccccccccccccccc.ccc
- C:\msocache\all users\{90140000-dddddddddddddddddddddddddddddddddddddd.ddd
- C:\msocache\all users\{90140000-eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee.eee
- C:\msocache\all users\{90140000-ffffffffffffffffffffffffffffffffffffff.fff
- C:\msocache\all users\{90140000-gggggggggggggggggggggggggggggggggggggg.ggg
- C:\msocache\all users\{90140000-hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh.hhh
- C:\msocache\all users\{90140000-iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii.iii
- C:\msocache\all users\{90140000-jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj.jjj
- C:\msocache\all users\{90140000-kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk.kkk
- C:\msocache\all users\{90140000-llllllllllllllllllllllllllllllllllllll.lll
- C:\msocache\all users\{90140000-bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.bbb
- C:\msocache\all users\{90140000-mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm.mmm
- C:\msocache\all users\{90140000-oooooooooooooooooooooooooooooooooooooo.ooo
- C:\msocache\all users\{90140000-pppppppppppppppppppppppppppppppppppppp.ppp
- C:\msocache\all users\{90140000-qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq.qqq
- C:\msocache\all users\{90140000-rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr.rrr
- C:\msocache\all users\{90140000-ssssssssssssssssssssssssssssssssssssss.sss
- C:\msocache\all users\{90140000-tttttttttttttttttttttttttttttttttttttt.ttt
- C:\msocache\all users\{90140000-uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu.uuu
- C:\msocache\all users\{90140000-vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv.vvv
- C:\msocache\all users\{90140000-wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww.www
- C:\msocache\all users\{90140000-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx
- C:\msocache\all users\{90140000-nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn.nnn
- C:\msocache\all users\{90140000-yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.yyy
- C:\msocache\all users\{90140000-zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz.zzz
Подменяет следующие файлы
- C:\msocache\all users\{90140000-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaa
- C:\msocache\all users\{90140000-nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn.nnn
- C:\msocache\all users\{90140000-oooooooooooooooooooooooooooooooooooo.ooo
- C:\msocache\all users\{90140000-pppppppppppppppppppppppppppppppppppp.ppp
- C:\msocache\all users\{90140000-qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq.qqq
- C:\msocache\all users\{90140000-rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr.rrr
- C:\msocache\all users\{90140000-ssssssssssssssssssssssssssssssssssss.sss
- C:\msocache\all users\{90140000-tttttttttttttttttttttttttttttttttttt.ttt
- C:\msocache\all users\{90140000-llllllllllllllllllllllllllllllllllll.lll
- C:\msocache\all users\{90140000-mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm.mmm
- C:\msocache\all users\{90140000-uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu.uuu
- C:\msocache\all users\{90140000-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx
- C:\msocache\all users\{90140000-yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.yyy
- C:\msocache\all users\{90140000-zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz.zzz
- C:\msocache\all users\{90140000-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaa
- C:\msocache\all users\{90140000-bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.bbb
- C:\msocache\all users\{90140000-cccccccccccccccccccccccccccccccccccccccccccc.ccc
- C:\msocache\all users\{90140000-dddddddddddddddddddddddddddddddddddddddddddd.ddd
- C:\msocache\all users\{90140000-vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv.vvv
- C:\msocache\all users\{90140000-wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww.www
- C:\msocache\all users\{90140000-kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk.kkk
- C:\msocache\all users\{90140000-iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii.iii
- C:\msocache\all users\{90140000-ffffffffffffffffffffffffffffffffffffffffffff.fff
- C:\msocache\all users\{90140000-rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr.rrr
- C:\msocache\all users\{90140000-ssssssssssssssssssssssssssssssssssssss.sss
- C:\msocache\all users\{90140000-tttttttttttttttttttttttttttttttttttttt.ttt
- C:\msocache\all users\{90140000-uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu.uuu
- C:\msocache\all users\{90140000-vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv.vvv
- C:\msocache\all users\{90140000-wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww.www
- C:\msocache\all users\{90140000-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx
- C:\msocache\all users\{90140000-yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.yyy
- C:\msocache\all users\{90140000-zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz.zzz
- C:\msocache\all users\{90140000-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaa
- C:\msocache\all users\{90140000-bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.bbb
- C:\msocache\all users\{90140000-cccccccccccccccccccccccccccccccccccc.ccc
- C:\msocache\all users\{90140000-dddddddddddddddddddddddddddddddddddd.ddd
- C:\msocache\all users\{90140000-eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee.eee
- C:\msocache\all users\{90140000-ffffffffffffffffffffffffffffffffffff.fff
- C:\msocache\all users\{90140000-gggggggggggggggggggggggggggggggggggg.ggg
- C:\msocache\all users\{90140000-hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh.hhh
- C:\msocache\all users\{90140000-eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee.eee
- C:\msocache\all users\{90140000-pppppppppppppppppppppppppppppppppppppp.ppp
- C:\msocache\all users\{90140000-jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj.jjj
- C:\msocache\all users\{90140000-ppppppppppppppppppppppppppppppppppppppp.ppp
- C:\msocache\all users\{90140000-gggggggggggggggggggggggggggggggggggggggggggg.ggg
- C:\msocache\all users\{90140000-fffffffffffffffffffffffffffffffffffffffffff.fff
- C:\msocache\all users\{90140000-ggggggggggggggggggggggggggggggggggggggggggg.ggg
- C:\msocache\all users\{90140000-hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh.hhh
- C:\msocache\all users\{90140000-iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii.iii
- C:\msocache\all users\{90140000-jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj.jjj
- C:\msocache\all users\{90140000-kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk.kkk
- C:\msocache\all users\{90140000-lllllllllllllllllllllllllllllllllllllllllll.lll
- C:\msocache\all users\{90140000-mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm.mmm
- C:\msocache\all users\{90140000-nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn.nnn
- C:\msocache\all users\{90140000-ooooooooooooooooooooooooooooooooooooooooooo.ooo
- C:\msocache\all users\{90140000-ppppppppppppppppppppppppppppppppppppppppppp.ppp
- C:\msocache\all users\{90140000-qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq.qqq
- C:\msocache\all users\{90140000-rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr.rrr
- C:\msocache\all users\{90140000-sssssssssssssssssssssssssssssssssssssssssss.sss
- C:\msocache\all users\{90140000-ttttttttttttttttttttttttttttttttttttttttttt.ttt
- C:\msocache\all users\{90140000-uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu.uuu
- C:\msocache\all users\{90140000-vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv.vvv
- C:\msocache\all users\{90140000-wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww.www
- C:\msocache\all users\{90140000-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx
- C:\msocache\all users\{90140000-eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee.eee
- C:\msocache\all users\{90140000-oooooooooooooooooooooooooooooooooooooo.ooo
- C:\msocache\all users\{90140000-qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq.qqq
- C:\msocache\all users\{90140000-bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.bbb
- C:\msocache\all users\{90140000-iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii.iii
- C:\msocache\all users\{90140000-jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj.jjj
- C:\msocache\all users\{90140000-kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk.kkk
- C:\msocache\all users\{90140000-llllllllllllllllllllllllllllllllllllllllllll.lll
- C:\msocache\all users\{90140000-mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm.mmm
- C:\msocache\all users\{90140000-nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn.nnn
- C:\msocache\all users\{90140000-oooooooooooooooooooooooooooooooooooooooooooo.ooo
- C:\msocache\all users\{90140000-pppppppppppppppppppppppppppppppppppppppppppp.ppp
- C:\msocache\all users\{90140000-qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq.qqq
- C:\msocache\all users\{90140000-rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr.rrr
- C:\msocache\all users\{90140000-ssssssssssssssssssssssssssssssssssssssssssss.sss
- C:\msocache\all users\{90140000-tttttttttttttttttttttttttttttttttttttttttttt.ttt
- C:\msocache\all users\{90140000-uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu.uuu
- C:\msocache\all users\{90140000-vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv.vvv
- C:\msocache\all users\{90140000-wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww.www
- C:\msocache\all users\{90140000-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx
- C:\msocache\all users\{90140000-yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.yyy
- C:\msocache\all users\{90140000-zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz.zzz
- C:\msocache\all users\{90140000-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaa
- C:\msocache\all users\{90140000-ccccccccccccccccccccccccccccccccccccccccccc.ccc
- C:\msocache\all users\{90140000-hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh.hhh
- C:\msocache\all users\{90140000-nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn.nnn
- C:\msocache\all users\{90140000-mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm.mmm
- C:\msocache\all users\{90140000-llllllllllllllllllllllllllllllllllllll.lll
- C:\msocache\all users\{90140000-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaa
- C:\msocache\all users\{90140000-bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.bbb
- C:\msocache\all users\{90140000-cccccccccccccccccccccccccccccccccccccccc.ccc
- C:\msocache\all users\{90140000-dddddddddddddddddddddddddddddddddddddddd.ddd
- C:\msocache\all users\{90140000-eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee.eee
- C:\msocache\all users\{90140000-ffffffffffffffffffffffffffffffffffffffff.fff
- C:\msocache\all users\{90140000-gggggggggggggggggggggggggggggggggggggggg.ggg
- C:\msocache\all users\{90140000-hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh.hhh
- C:\msocache\all users\{90140000-iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii.iii
- C:\msocache\all users\{90140000-jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj.jjj
- C:\msocache\all users\{90140000-kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk.kkk
- C:\msocache\all users\{90140000-llllllllllllllllllllllllllllllllllllllll.lll
- C:\msocache\all users\{90140000-mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm.mmm
- C:\msocache\all users\{90140000-nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn.nnn
- C:\msocache\all users\{90140000-oooooooooooooooooooooooooooooooooooooooo.ooo
- C:\msocache\all users\{90140000-pppppppppppppppppppppppppppppppppppppppp.ppp
- C:\msocache\all users\{90140000-qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq.qqq
- C:\msocache\all users\{90140000-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx
- C:\msocache\all users\{90140000-vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv.vvv
- C:\msocache\all users\{90140000-zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz.zzz
- C:\msocache\all users\{90140000-yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.yyy
- C:\msocache\all users\{90140000-rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr.rrr
- C:\msocache\all users\{90140000-uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu.uuu
- C:\msocache\all users\{90140000-ccccccccccccccccccccccccccccccccccccccccc.ccc
- C:\msocache\all users\{90140000-ddddddddddddddddddddddddddddddddddddddddd.ddd
- C:\msocache\all users\{90140000-eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee.eee
- C:\msocache\all users\{90140000-fffffffffffffffffffffffffffffffffffffffff.fff
- C:\msocache\all users\{90140000-ggggggggggggggggggggggggggggggggggggggggg.ggg
- C:\msocache\all users\{90140000-hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh.hhh
- C:\msocache\all users\{90140000-iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii.iii
- C:\msocache\all users\{90140000-jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj.jjj
- C:\msocache\all users\{90140000-bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.bbb
- C:\msocache\all users\{90140000-kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk.kkk
- C:\msocache\all users\{90140000-mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm.mmm
- C:\msocache\all users\{90140000-nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn.nnn
- C:\msocache\all users\{90140000-ooooooooooooooooooooooooooooooooooooooooo.ooo
- C:\msocache\all users\{90140000-ppppppppppppppppppppppppppppppppppppppppp.ppp
- C:\msocache\all users\{90140000-qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq.qqq
- C:\msocache\all users\{90140000-rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr.rrr
- C:\msocache\all users\{90140000-sssssssssssssssssssssssssssssssssssssssss.sss
- C:\msocache\all users\{90140000-ttttttttttttttttttttttttttttttttttttttttt.ttt
- C:\msocache\all users\{90140000-lllllllllllllllllllllllllllllllllllllllll.lll
- C:\msocache\all users\{90140000-wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww.www
- C:\msocache\all users\{90140000-ddddddddddddddddddddddddddddddddddddddddddd.ddd
- C:\msocache\all users\{90140000-ssssssssssssssssssssssssssssssssssssssss.sss
- C:\msocache\all users\{90140000-vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv.vvv
- C:\msocache\all users\{90140000-ttttttttttttttttttttttttttttttttttttttt.ttt
- C:\msocache\all users\{90140000-uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu.uuu
- C:\msocache\all users\{90140000-vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv.vvv
- C:\msocache\all users\{90140000-wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww.www
- C:\msocache\all users\{90140000-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx
- C:\msocache\all users\{90140000-yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.yyy
- C:\msocache\all users\{90140000-zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz.zzz
- C:\msocache\all users\{90140000-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaa
- C:\msocache\all users\{90140000-bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.bbb
- C:\msocache\all users\{90140000-cccccccccccccccccccccccccccccccccccccc.ccc
- C:\msocache\all users\{90140000-dddddddddddddddddddddddddddddddddddddd.ddd
- C:\msocache\all users\{90140000-eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee.eee
- C:\msocache\all users\{90140000-ffffffffffffffffffffffffffffffffffffff.fff
- C:\msocache\all users\{90140000-gggggggggggggggggggggggggggggggggggggg.ggg
- C:\msocache\all users\{90140000-hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh.hhh
- C:\msocache\all users\{90140000-iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii.iii
- C:\msocache\all users\{90140000-jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj.jjj
- C:\msocache\all users\{90140000-kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk.kkk
- C:\msocache\all users\{90140000-tttttttttttttttttttttttttttttttttttttttt.ttt
- C:\msocache\all users\{90140000-sssssssssssssssssssssssssssssssssssssss.sss
- C:\msocache\all users\{90140000-uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu.uuu
- C:\msocache\all users\{90140000-rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr.rrr
- C:\msocache\all users\{90140000-yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.yyy
- C:\msocache\all users\{90140000-wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww.www
- C:\msocache\all users\{90140000-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx
- C:\msocache\all users\{90140000-yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.yyy
- C:\msocache\all users\{90140000-zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz.zzz
- C:\msocache\all users\{90140000-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaa
- C:\msocache\all users\{90140000-bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.bbb
- C:\msocache\all users\{90140000-ccccccccccccccccccccccccccccccccccccccc.ccc
- C:\msocache\all users\{90140000-ddddddddddddddddddddddddddddddddddddddd.ddd
- C:\msocache\all users\{90140000-eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee.eee
- C:\msocache\all users\{90140000-fffffffffffffffffffffffffffffffffffffff.fff
- C:\msocache\all users\{90140000-ggggggggggggggggggggggggggggggggggggggg.ggg
- C:\msocache\all users\{90140000-hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh.hhh
- C:\msocache\all users\{90140000-iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii.iii
- C:\msocache\all users\{90140000-jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj.jjj
- C:\msocache\all users\{90140000-kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk.kkk
- C:\msocache\all users\{90140000-lllllllllllllllllllllllllllllllllllllll.lll
- C:\msocache\all users\{90140000-mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm.mmm
- C:\msocache\all users\{90140000-nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn.nnn
- C:\msocache\all users\{90140000-ooooooooooooooooooooooooooooooooooooooo.ooo
- C:\msocache\all users\{90140000-qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq.qqq
- C:\msocache\all users\{90140000-zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz.zzz
Самоперемещается
- из <Полный путь к файлу> в C:\aqxaaaaaaaaaaaaa.aaa
- из C:\aqxwwwwwwwwwwwww.www в C:\aqxxxxxxxxxxxxxx.xxx
- из C:\aqxvvvvvvvvvvvvv.vvv в C:\aqxwwwwwwwwwwwww.www
- из C:\aqxuuuuuuuuuuuuu.uuu в C:\aqxvvvvvvvvvvvvv.vvv
- из C:\aqxttttttttttttt.ttt в C:\aqxuuuuuuuuuuuuu.uuu
- из C:\aqxsssssssssssss.sss в C:\aqxttttttttttttt.ttt
- из C:\aqxrrrrrrrrrrrrr.rrr в C:\aqxsssssssssssss.sss
- из C:\aqxqqqqqqqqqqqqq.qqq в C:\aqxrrrrrrrrrrrrr.rrr
- из C:\aqxppppppppppppp.ppp в C:\aqxqqqqqqqqqqqqq.qqq
- из C:\aqxooooooooooooo.ooo в C:\aqxppppppppppppp.ppp
- из C:\aqxnnnnnnnnnnnnn.nnn в C:\aqxooooooooooooo.ooo
- из C:\aqxmmmmmmmmmmmmm.mmm в C:\aqxnnnnnnnnnnnnn.nnn
- из C:\aqxlllllllllllll.lll в C:\aqxmmmmmmmmmmmmm.mmm
- из C:\aqxkkkkkkkkkkkkk.kkk в C:\aqxlllllllllllll.lll
- из C:\aqxjjjjjjjjjjjjj.jjj в C:\aqxkkkkkkkkkkkkk.kkk
- из C:\aqxiiiiiiiiiiiii.iii в C:\aqxjjjjjjjjjjjjj.jjj
- из C:\aqxhhhhhhhhhhhhh.hhh в C:\aqxiiiiiiiiiiiii.iii
- из C:\aqxggggggggggggg.ggg в C:\aqxhhhhhhhhhhhhh.hhh
- из C:\aqxfffffffffffff.fff в C:\aqxggggggggggggg.ggg
- из C:\aqxeeeeeeeeeeeee.eee в C:\aqxfffffffffffff.fff
- из C:\aqxddddddddddddd.ddd в C:\aqxeeeeeeeeeeeee.eee
- из C:\aqxccccccccccccc.ccc в C:\aqxddddddddddddd.ddd
- из C:\aqxbbbbbbbbbbbbb.bbb в C:\aqxccccccccccccc.ccc
- из C:\aqxaaaaaaaaaaaaa.aaa в C:\aqxbbbbbbbbbbbbb.bbb
- из C:\aqxxxxxxxxxxxxxx.xxx в C:\aqxyyyyyyyyyyyyy.yyy
- из C:\aqxyyyyyyyyyyyyy.yyy в C:\aqxzzzzzzzzzzzzz.zzz
Самоудаляется.
Изменяет множество файлов пользовательских данных (Trojan.Encoder).
Другое
Создает и запускает на исполнение
- '%WINDIR%\ah.exe' -accepteula -r -s -q c:\*
- '%WINDIR%\ah.exe' -accepteula -r -s -q z:\*
- '%WINDIR%\ah.exe' -accepteula -r -s -q e:\*
- '%WINDIR%\ah.exe' -accepteula -r -s -q d:\*
- '%WINDIR%\ah.exe' -accepteula -r -s -q i:\*
- '%WINDIR%\ah.exe' -accepteula -r -s -q <Имя диска съемного носителя>:\*
- '%WINDIR%\ah.exe' -accepteula -r -s -q g:\*
- '%WINDIR%\ah.exe' -accepteula -r -s -q h:\*
- '<SYSTEM32>\cmd.exe' "%WINDIR%\ah.exe -accepteula -r -s -q c:\* & taskkill /f /im exp* "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' "%WINDIR%\ah.exe -accepteula -r -s -q z:\* "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' "%WINDIR%\ah.exe -accepteula -r -s -q i:\* "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' "%WINDIR%\ah.exe -accepteula -r -s -q h:\* "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' "<SYSTEM32>\takeown.exe /F <SYSTEM32>\*skm*.exe & <SYSTEM32>\icacls.exe <SYSTEM32>\*skm*.exe /deny *S-1-1-0:F"' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' "%WINDIR%\ah.exe -accepteula -r -s -q d:\* "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' "%WINDIR%\ah.exe -accepteula -r -s -q e:\* "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' "%WINDIR%\ah.exe -accepteula -r -s -q <Имя диска съемного носителя>:\* "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' "%WINDIR%\ah.exe -accepteula -r -s -q g:\* "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' "<SYSTEM32>\takeown.exe /F <SYSTEM32>\*log*exe & <SYSTEM32>\icacls.exe <SYSTEM32>\*log*exe /deny *S-1-1-0:F & <SYSTEM32>\takeown.exe /F <SYSTEM32>\*log*exe /A"' (со скрытым окном)
Запускает на исполнение
- '<SYSTEM32>\cmd.exe' "<SYSTEM32>\takeown.exe /F <SYSTEM32>\*log*exe & <SYSTEM32>\icacls.exe <SYSTEM32>\*log*exe /deny *S-1-1-0:F & <SYSTEM32>\takeown.exe /F <SYSTEM32>\*log*exe /A"
- '<SYSTEM32>\cmd.exe' "<SYSTEM32>\takeown.exe /F <SYSTEM32>\*skm*.exe & <SYSTEM32>\icacls.exe <SYSTEM32>\*skm*.exe /deny *S-1-1-0:F"
- '<SYSTEM32>\cmd.exe' "%WINDIR%\ah.exe -accepteula -r -s -q e:\* "
- '<SYSTEM32>\cmd.exe' "%WINDIR%\ah.exe -accepteula -r -s -q d:\* "
- '<SYSTEM32>\cmd.exe' "%WINDIR%\ah.exe -accepteula -r -s -q g:\* "
- '<SYSTEM32>\cmd.exe' "%WINDIR%\ah.exe -accepteula -r -s -q <Имя диска съемного носителя>:\* "
- '<SYSTEM32>\cmd.exe' "%WINDIR%\ah.exe -accepteula -r -s -q i:\* "
- '<SYSTEM32>\cmd.exe' "%WINDIR%\ah.exe -accepteula -r -s -q z:\* "
- '<SYSTEM32>\cmd.exe' "%WINDIR%\ah.exe -accepteula -r -s -q h:\* "
- '<SYSTEM32>\takeown.exe' /F <SYSTEM32>\*log*exe
- '<SYSTEM32>\takeown.exe' /F <SYSTEM32>\*skm*.exe
- '<SYSTEM32>\icacls.exe' <SYSTEM32>\*skm*.exe /deny *S-1-1-0:F
- '<SYSTEM32>\icacls.exe' <SYSTEM32>\*log*exe /deny *S-1-1-0:F
- '<SYSTEM32>\takeown.exe' /F <SYSTEM32>\*log*exe /A
- '<SYSTEM32>\cmd.exe' "%WINDIR%\ah.exe -accepteula -r -s -q c:\* & taskkill /f /im exp* "
