Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\lpufxu] 'ImagePath' = '%ALLUSERSPROFILE%\Application Data\POWIIHX\lpufxu.bin'
- [<HKLM>\SYSTEM\ControlSet001\Services\lpufxu] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '<SYSTEM32>\sc.exe' start lpufxu
- '<SYSTEM32>\sc.exe' stop lpufxu
- '<SYSTEM32>\cmd.exe' /C del /S /Q "%ALLUSERSPROFILE%\Application Data\POWIIHX\lpufxu.bin"
- '<SYSTEM32>\cmd.exe' /C sc.exe create lpufxu type= kernel binpath= "%ALLUSERSPROFILE%\Application Data\POWIIHX\lpufxu.bin" start= auto
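- '<SYSTEM32>\sc.exe' create lpufxu type= kernel binpath= "%ALLUSERSPROFILE%\Application Data\POWIIHX\lpufxu.bin" start= auto (служба регистрируется как драйвер режима ядра с автоматическим запуском; тот же вызов выше выполняется через cmd.exe)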
- '<SYSTEM32>\sc.exe' stop null
- %ALLUSERSPROFILE%\Application Data\POWIIHX\lpufxu.bin
- %TEMP%\1.tmp
- %ALLUSERSPROFILE%\Application Data\POWIIHX\rit0302.nfo
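- %ALLUSERSPROFILE%\Application Data\POWIIHX\lpufxu.bin (путь повторяется в списке; судя по команде del /S /Q выше, этот файл после использования удаляется — заголовки разделов на странице не сохранились)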
- 'rp##.21civ.com':80
- 'localhost':1037
- http://rp##.21civ.com/az.php?st######################################################
- DNS ASK rp##.21civ.com
- ClassName: 'Shell_TrayWnd' WindowName: ''