Техническая информация
- C:\temp\IExplorer.lnk
- C:\temp\chrome.lnk
- '<SYSTEM32>\mshta.exe' C:\$RECYCLE!BIN\Thumbs.db
- '<SYSTEM32>\cmd.exe' /c C:\system32\cmd.cmd
- '%ProgramFiles%\Windows NT\Accessories\wordpad.exe' "C:\system32\kk.doc"
- C:\$RECYCLE!BIN\chrome.exe
- %TEMP%\Temporary Directory 1 for Thumbs.zip\chrome.exe
- %TEMP%\Temporary Directory 1 for Thumbs.zip\google.ico
- C:\system32\cmd.cmd
- C:\$RECYCLE!BIN\google.ico
- C:\$RECYCLE!BIN\JavaScript.jse
- C:\$RECYCLE!BIN\Thumbs.zip
- C:\system32\kk.doc
- %TEMP%\Temporary Directory 1 for Thumbs.zip\Thumbs.db
- %TEMP%\Temporary Directory 1 for Thumbs.zip\JavaScript.jse
- C:\$RECYCLE!BIN\Thumbs.db
- C:\$RECYCLE!BIN\Thumbs.db
- C:\system32\cmd.cmd
- C:\$RECYCLE!BIN\Thumbs.zip
- C:\$RECYCLE!BIN\JavaScript.jse в %HOMEPATH%\appdata\local\History\JavaScript.jse
- C:\$RECYCLE!BIN\chrome.exe в %HOMEPATH%\appdata\local\History\chrome.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'WordPadClass' WindowName: ''