Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\169953] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
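- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\xa.exe' = '%TEMP%\xa.exe:*:Enabled:KL'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\Debug\cosp86.exe' = '%WINDIR%\Debug\cosp86.exe:*:Enabled:KL'
  (обе записи добавляют указанные файлы в список разрешённых приложений брандмауэра Windows для стандартного профиля: «*» — любой удалённый адрес, «Enabled» — правило включено, «KL» — отображаемое имя правила)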
- '%WINDIR%\Debug\cosp86.exe' /start
- '%WINDIR%\Debug\cosp86.exe'
- '<Текущая директория>\Xa.sfx.exe' -p1243qwe -d%HOMEPATH%\Local Settings\Temp (судя по ключам, -p задаёт пароль самораспаковывающегося архива, а -d — каталог распаковки)
- '%TEMP%\Xa.exe'
- '<SYSTEM32>\sc.exe' delete 169953
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\qwe.bat" "
- [<HKCU>\SOFTWARE\FlashFXP\3]
- [<HKLM>\SOFTWARE\FlashFXP\3]
- %WINDIR%\Debug\cosp86.exe
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\index[1].php
- %WINDIR%\Debug\result.dark
- %WINDIR%\Debug\bc
- <Текущая директория>\qwe.bat
- <Текущая директория>\Xa.sfx.exe
- %TEMP%\Xa.exe
- %WINDIR%\Debug\result.dark
- %WINDIR%\Debug\cosp86.exe
- %WINDIR%\Debug\bc
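- 'mo##.vv.si':80 (символы # здесь и ниже, по-видимому, скрывают часть имени хоста и параметров запроса; в таком виде адрес не годится для точного сопоставления в правилах блокировки)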
- mo##.vv.si/index.php?ui##################
- mo##.vv.si/upload.php
- DNS ASK mo##.vv.si
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''