Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\xerox\nwmedia\lsass.exe' = '%PROGRAM_FILES%\xerox\nwmedia\lsass.exe:*:Enabled:Session Win32'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\xerox\nwmedia\lsass.exe' = '%PROGRAM_FILES%\xerox\nwmedia\lsass.exe:*:Enabled:Session Win32'
- '%PROGRAM_FILES%\xerox\nwmedia\file.exe'
- '%PROGRAM_FILES%\xerox\nwmedia\lsass.exe'
- '%PROGRAM_FILES%\xerox\nwmedia\file.exe' (загружен из сети Интернет)
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram PROGRAM="%PROGRAM_FILES%\xerox\nwmedia\lsass.exe" NAME="Session Win32" MODE=ENABLE PROFILE=ALL
- '<SYSTEM32>\cmd.exe' /c "%PROGRAM_FILES%\xerox\nwmedia\vcdg.bat"
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\thumb[1].res
- %PROGRAM_FILES%\xerox\nwmedia\file.exe
- %PROGRAM_FILES%\xerox\nwmedia\vcdg.bat
- %PROGRAM_FILES%\xerox\nwmedia\lsass.exe
- %TEMP%\~DF213B.tmp
- %TEMP%\~DF143F.tmp
- 'www.zo###ave.com':80
- 'localhost':1035
- www.zo###ave.com/forum/thumb.res
- DNS ASK www.zo###ave.com
- ClassName: 'MS_WINHELP' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'tmp'