Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Update' = '%APPDATA%\scvhost.exe'
- '%APPDATA%\scvhost.exe'
- '<SYSTEM32>\cmd.exe' /C echo. > "":Zone.Identifier
- C:\DbgLog.log', 0xace51, 0x1:[0x473A6EA32C7AA697] E_WriteFile: pid 0x6e8, tid 0x6ec, token 0, 0x8161cab0, 'C:\DbgLog.log
- \Device\HarddiskVol
- C:\~nmiumhh.tmp
- \Device\Hard22:58:05.921 [0x473A6EA32C7A9A18] E_WriteFile: pid 0x6e8, tid 0x6ec, token 0, 0x8161cab0, 'C:\DbgLog.log
- C:\~mbpczvr.tmp
- \Device\Harddispid 0x99c, tid 0x9a
- C:\~qlbbkfx.tmp
- \Device\HarddiDAB] E_WriteFile: pid 0x6e8, tid 0x6ec, token 0, 0x8161cab0, 'C:\DbgLog.log
- %APPDATA%\scvhost.exe
- <Текущая директория>:Zone.Identifier
- %TEMP%\aut1.tmp
- %TEMP%\fnrffvo
- %APPDATA%\30D41DF5A58C74FBC4CDD0D1B6B90B9C
- %HOMEPATH%\Templates\excel.xls.locked
- %TEMP%\aut2.tmp
- %TEMP%\qyipsfa
- %TEMP%\aut2.tmp
- %TEMP%\qyipsfa
- %TEMP%\aut1.tmp
- %TEMP%\fnrffvo