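Техническая информация
(Подзаголовки разделов исходного отчёта в этой выдержке, по-видимому, не сохранились: ниже подряд идут командные строки запускаемых процессов, пути к файлам и сведения об окнах. Повторяющиеся записи, например файлы в %TEMP%\$inst, вероятно, относятся к разным разделам отчёта.)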
- %PROGRAM_FILES%\Get-Xmas\Christmas Snowball\cmdow.exe @ /HID
- %PROGRAM_FILES%\Get-Xmas\Christmas Snowball\ChristmasSnowball.exe
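- <SYSTEM32>\netsh.exe firewall add allowedprogram "%WINDIR%/svchost.exe" "Remote %USERNAME% Service" ENABLE
  Примечание: команда добавляет в исключения брандмауэра Windows файл %WINDIR%\svchost.exe (он же указан ниже среди путей к файлам). Штатный svchost.exe находится в системном каталоге (<SYSTEM32>), поэтому одноимённый файл в %WINDIR% — признак маскировки под системный процесс. Имена raddrv.dll и AdmDll.dll совпадают с именами компонентов Radmin Server 2.x; вероятно, под видом svchost.exe устанавливается средство удалённого администрирования. Это предположение основано только на именах файлов, и его следует подтвердить анализом образца. Для обнаружения полезно отслеживать вызовы netsh.exe с аргументами firewall add allowedprogram и запуск svchost.exe не из <SYSTEM32>.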
- <SYSTEM32>\cmd.exe /c ""%PROGRAM_FILES%\Get-Xmas\Christmas Snowball\start.bat" "
- %HOMEPATH%\Desktop\Christmas Snowball.lnk
- %PROGRAM_FILES%\Get-Xmas\Christmas Snowball\Synaptic.exe
- %PROGRAM_FILES%\Get-Xmas\Christmas Snowball\WinRun.vbs
- %WINDIR%\svchost.exe
- %WINDIR%\raddrv.dll
- <SYSTEM32>\Macromed\Synaptic.exe
- %WINDIR%\WinRun.vbs
- %WINDIR%\AdmDll.dll
- %PROGRAM_FILES%\Get-Xmas\Christmas Snowball\svchost.exe
- %TEMP%\$inst\5.tmp
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\4.tmp
- %PROGRAM_FILES%\Get-Xmas\Christmas Snowball\ChristmasSnowball.exe
- %PROGRAM_FILES%\Get-Xmas\Christmas Snowball\raddrv.dll
- %PROGRAM_FILES%\Get-Xmas\Christmas Snowball\start.bat
- %PROGRAM_FILES%\Get-Xmas\Christmas Snowball\AdmDll.dll
- %PROGRAM_FILES%\Get-Xmas\Christmas Snowball\cmdow.exe
- %TEMP%\$inst\4.tmp
- %TEMP%\$inst\5.tmp
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- ClassName: '' WindowName: '<SYSTEM32>\cmd.exe 1390002868'
- ClassName: 'Shell_TrayWnd' WindowName: ''