Техническая информация
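- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\svchost.exe' = '%WINDIR%\svchost.exe:*:Enabled:Remote %USERNAME% Service' (примечание: штатный svchost.exe Windows находится в <SYSTEM32>; исключение брандмауэра здесь выдаётся одноимённому файлу из %WINDIR%, то есть файл маскируется под системный процесс)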
- %PROGRAM_FILES%\Macromedia\Tree\cmdow.exe @ /HID
- %PROGRAM_FILES%\Macromedia\Tree\GreenChristmasTree.exe
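- <SYSTEM32>\netsh.exe firewall add allowedprogram "%WINDIR%/RunWin.vbs" "Remote %USERNAME% Service" ENABLE (примечание: в правиле указано имя RunWin.vbs, а в списке файлов ниже — %WINDIR%\WinRun.vbs; по странице нельзя определить, какое написание верно, поэтому при поиске индикаторов стоит проверять оба)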
- <SYSTEM32>\netsh.exe firewall add allowedprogram "%WINDIR%/svchost.exe" "Remote %USERNAME% Service" ENABLE
- <SYSTEM32>\cmd.exe /c ""%PROGRAM_FILES%\Macromedia\Tree\start.bat" "
- %HOMEPATH%\Desktop\Tree.lnk
- %PROGRAM_FILES%\Macromedia\Tree\svchost.exe
- %PROGRAM_FILES%\Macromedia\Tree\WinRun.vbs
- %WINDIR%\AdmDll.dll
- %WINDIR%\raddrv.dll
- %WINDIR%\svchost.exe
- %WINDIR%\WinRun.vbs
- %PROGRAM_FILES%\Macromedia\Tree\start.bat
- %TEMP%\$inst\5.tmp
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\4.tmp
- %PROGRAM_FILES%\Macromedia\Tree\GreenChristmasTree.exe
- %PROGRAM_FILES%\Macromedia\Tree\raddrv.dll
- %PROGRAM_FILES%\Macromedia\Tree\AdmDll.dll
- %PROGRAM_FILES%\Macromedia\Tree\cmdow.exe
- %TEMP%\$inst\4.tmp
- %TEMP%\$inst\5.tmp
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- ClassName: '' WindowName: '<SYSTEM32>\cmd.exe 1219062876'
- ClassName: 'Shell_TrayWnd' WindowName: ''