Техническая информация
Для обеспечения автозапуска создаёт ярлыки в папке автозагрузки:
- %HOMEPATH%\Start Menu\Programs\Startup\NetLink.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\NetLink.lnk
Запускает на исполнение:
- '%HOMEPATH%\wincert.exe'
- '<SYSTEM32>\ipconfig.exe' /all
- '<SYSTEM32>\xcopy.exe' "%TEMP%\NetLink.lnk" "%HOMEPATH%\Start Menu\Programs\Startup" /Y
- '<SYSTEM32>\xcopy.exe' "%TEMP%\NetLink.lnk" "%ALLUSERSPROFILE%\Start Menu\Programs\Startup" /Y
Изменения в файловой системе (подзаголовки групп в тексте не сохранились, поэтому часть путей повторяется):
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\wrkz[1].php
- %APPDATA%\WinApp\MZミ
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\wrkz[1].php
- %TEMP%\iconfall.log
- %HOMEPATH%\wincert.exe
- %HOMEPATH%\suspects.doc
- %TEMP%\NetLink.lnk
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\wrkz[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\wrkz[1].php
Сетевая активность (символы «#» в адресах — по-видимому, маскировка, внесённая источником, поэтому как готовые индикаторы эти строки неполны):
- 'cr###store.com':80
- cr###store.com/worldcup/CRNJEUFU@URNXYMAV/MZ???
- cr###store.com/worldcup/wrkz.php?cn###############################
- DNS ASK cr###store.com
Окна (класс и заголовок):
- ClassName: 'WordPadClass' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'