Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winX' = '<SYSTEM32>\winX.exe'
- <LS_APPDATA>\Xenocode\Sandbox\1.0.0.0\2012.07.04T14.34\Native\STUBEXE\8.0.1112\@SYSTEM@\winX.exe
- <LS_APPDATA>\Xenocode\Sandbox\1.0.0.0\2012.07.04T14.34\Native\STUBEXE\8.0.1112\@SYSTEM@\REG.exe ADD "HKLM\software\microsoft\windows\currentversion\run" /v "winX" /d "<SYSTEM32>\winX.exe"
- <LS_APPDATA>\Xenocode\Sandbox\1.0.0.0\2012.07.04T14.34\Native\STUBEXE\8.0.1112\@SYSTEM@\netsh.exe firewall set opmode disabled
- <LS_APPDATA>\Xenocode\Sandbox\1.0.0.0\2012.07.04T14.34\Virtual\STUBEXE\8.0.1112\@APPDIR@\PhotoAlbum.exe
- <LS_APPDATA>\Xenocode\Sandbox\1.0.0.0\2012.07.04T14.34\Native\STUBEXE\8.0.1112\@PROFILE@\Local Settings\Temp\PhotoAlbum.exe
- <SYSTEM32>\winX.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\xd[1].bin
- %TEMP%\PhotoAlbum.exe
- 'la####la.zapto.org':80
- la####la.zapto.org/xd.bin
- DNS ASK la####la.zapto.org
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''