Техническая информация
- C:\hdsupdate\AppUpdate.exe
- C:\ffwyst
- <SYSTEM32>\net1.exe start W32Time
- <SYSTEM32>\cacls.exe "%HOMEPATH%\Local Settings\Temp" /T /P everyone:F
- <SYSTEM32>\cacls.exe "%TEMP%\c3fc3e5ecdaddce4aac4e4f7927103f3.dat" /T /P everyone:N
- <SYSTEM32>\attrib.exe +H +R "%TEMP%\c3fc3e5ecdaddce4aac4e4f7927103f3.dat"
- <SYSTEM32>\cmd.exe /c c:\hdsupdate\AppUpdate.execql.bat
- <SYSTEM32>\sc.exe stop W32Time
- <SYSTEM32>\rundll32.exe <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen C:\Picx.jpg
- <SYSTEM32>\wscript.exe c:\zrpwif\uwrnn.vbs
- <SYSTEM32>\sc.exe config W32Time start=auto
- %HOMEPATH%\Recent\Local Disk (C).lnk
- %HOMEPATH%\Recent\Picx.lnk
- C:\hdsupdate\AppUpdate.execql.bat
- C:\zrpwif\uwrnn.vbs
- C:\ffwyst
- C:\Picx.jpg
- C:\hdsupdate\AppUpdate.exe
- C:\hdsupdate\config
- C:\zrpwif\uwrnn.vbs
- C:\ffwyst
- 'q6####29.3322.org':9009
- DNS ASK ti##.#indows.com
- DNS ASK q6####29.3322.org
- '<IP-адрес в локальной сети>':123
- 'ti##.#indows.com':123
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''