Техническая информация
Автозапуск — ярлыки в папке автозагрузки (имена приведены как есть, с искажённым написанием):
- %HOMEPATH%\Start Menu\Programs\Startup\GooglServics.lnk
- %HOMEPATH%\Start Menu\Programs\Startup\HddDirve.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\HddDirve.lnk
Запускаемые процессы и их командные строки:
- '%HOMEPATH%\winsvcr.exe'
- '%HOMEPATH%\wincert.exe'
- '<SYSTEM32>\ipconfig.exe' /all
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\R.vbs"
- '<SYSTEM32>\xcopy.exe' "%TEMP%\HddDirve.lnk" "%HOMEPATH%\Start Menu\Programs\Startup" /Y
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shell32.dll,OpenAs_RunDLL %HOMEPATH%\Full_Details_of_Broadridge _Financial_Solutions_Salary_Company_Location_Related_12_Feb_2013.docx
- '<SYSTEM32>\xcopy.exe' "%TEMP%\HddDirve.lnk" "%ALLUSERSPROFILE%\Start Menu\Programs\Startup" /Y
Файлы в профиле пользователя и временных каталогах (по-видимому, создаются образцом):
- %HOMEPATH%\GooglServics.lnk
- %HOMEPATH%\R.vbs
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\snwd[1].php
- %APPDATA%\NTUSER\mxole.cpx
- %TEMP%\iconfall.log
- %HOMEPATH%\wincert.exe
- %HOMEPATH%\Full_Details_of_Broadridge _Financial_Solutions_Salary_Company_Location_Related_12_Feb_2013.docx
- %TEMP%\HddDirve.lnk
- %HOMEPATH%\winsvcr.exe
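Сетевая активность (символы # в источнике, по-видимому, скрывают часть значения, поэтому домен и URL нельзя использовать как точные индикаторы):
- 'sk###rzone.org':80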
- 'localhost':1036
- sk###rzone.org/draw/snwd.php?tp################################################################################################################
- DNS ASK sk###rzone.org
Окна, к которым обращается образец (по-видимому, поиск по имени класса):
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'