Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Rising RavTask Manage.] 'Start' = '00000002'
- %WINDIR%\Rising\svchot.exe
- <SYSTEM32>\cmd.exe /c %WINDIR%\uninstal.bat
- <SYSTEM32>\cmd.exe /c zz.bat
- %TEMP%\port.ini
- %TEMP%\language.ini
- %TEMP%\reg.lst
- %TEMP%\sql_user.dic
- %TEMP%\sql_pass.dic
- %TEMP%\Xscan.exe
- %TEMP%\wpcap.dll
- %TEMP%\XScanLib.dll
- %TEMP%\language.cn
- %TEMP%\config.ini
- %TEMP%\dat\sql_user.dic
- %TEMP%\dat\sql_pass.dic
- %TEMP%\plugins\checkactive.xpn
- %TEMP%\plugins\crack_sql.xpn
- %WINDIR%\uninstal.bat
- %TEMP%\dat\language.cn
- %TEMP%\dat\config.ini
- %TEMP%\dat\language.ini
- %TEMP%\dat\reg.lst
- %TEMP%\dat\port.ini
- %TEMP%\zz.bat
- %TEMP%\crack_sql.xpn
- %TEMP%\1.bat
- %TEMP%\b.bat
- %TEMP%\2.bat
- %TEMP%\qqtz.exe
- %TEMP%\1433ЧФ¶Їґ«ВнСІ»ШЖч№¤ѕЯ.exe
- %TEMP%\E_4\krnln.fnr
- %TEMP%\checkactive.xpn
- %WINDIR%\Rising\svchot.exe
- %TEMP%\report.dll
- %TEMP%\rep.exe
- %TEMP%\sqlr.exe
- %TEMP%\wanpacket.dll
- %TEMP%\up.txt
- %TEMP%\cor.exe
- %TEMP%\CheckHost.exe
- %TEMP%\NaslLib.dll
- %TEMP%\packet.dll
- %TEMP%\npf.sys
- %WINDIR%\Rising\svchot.exe
- %TEMP%\reg.lst
- %TEMP%\port.ini
- %TEMP%\sql_pass.dic
- %TEMP%\qqtz.exe
- %TEMP%\sql_user.dic
- %TEMP%\config.ini
- %TEMP%\checkactive.xpn
- %TEMP%\crack_sql.xpn
- %TEMP%\language.ini
- %TEMP%\language.cn
- 'xi#####1234.3322.org':8000
- DNS ASK xi#####1234.3322.org
- ClassName: 'Shell_TrayWnd' WindowName: ''