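Техническая информация
Примечание: подзаголовки разделов в этом списке не сохранились, поэтому по отдельной строке нельзя определить, был ли объект создан, изменён, запущен или удалён; повторяющиеся записи, по-видимому, относятся к разным разделам исходного отчёта. Файл %WINDIR%\explorer.exe является штатным компонентом Windows и сам по себе индикатором компрометации не служит. Для обнаружения показательнее запись Active Setup, у которой StubPath указывает на %WINDIR%\install\viker.exe, а идентификатор компонента содержит символы вне шестнадцатеричного набора, то есть не является корректным GUID.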
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{FI7P0IS0-60U7-T46V-50S4-0575B72TIS56}] 'StubPath' = '%WINDIR%\install\viker.exe Restart'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{FI7P0IS0-60U7-T46V-50S4-0575B72TIS56}] 'StubPath' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'HKLM' = ''
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HKCU' = ''
- <LS_APPDATA>\Xenocode\Sandbox\1.0.0.0\2011.04.17T11.05\Native\STUBEXE\7.1.280\@WINDIR@\explorer.exe
- %WINDIR%\install\viker.exe
- <LS_APPDATA>\Xenocode\Sandbox\1.0.0.0\2011.04.17T11.05\Native\STUBEXE\7.1.280\@PROGRAMFILES@\Windows NT\Accessories\WORDPAD.EXE "<SYSTEM32>\بيان داخلي صادر عن كوادر حركة فتح... هام جدا.doc"
- <LS_APPDATA>\Xenocode\Sandbox\1.0.0.0\2011.04.17T11.05\Virtual\STUBEXE\7.1.280\@SYSTEM@\PDRDY.exe
- %WINDIR%\explorer.exe
- %WINDIR%\Explorer.EXE
- %TEMP%\XX--XX--XX.txt
- %APPDATA%\install\viker.exe
- %WINDIR%\install\viker.exe
- %WINDIR%\install\viker.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'WordPadClass' WindowName: ''