Техническая информация
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\xserver.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\xrver.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\IE_cache.lnk
- %HOMEPATH%\Start Menu\Programs\Startup\xserver.lnk
- %HOMEPATH%\Start Menu\Programs\Startup\xrver.lnk
- %HOMEPATH%\Start Menu\Programs\Startup\IE_cache.lnk
- C:\security\userss\data\config\update\updatess.exe
- C:\security\userss\data\config\update\security.exe
- C:\security\userss\data\config\update\googleupdatess.exe
- <SYSTEM32>\xcopy.exe "%HOMEPATH%\Start Menu\Programs\Startup\IE_cache.lnk" "%ALLUSERSPROFILE%\Start Menu\Programs\Startup" /Y
- <SYSTEM32>\xcopy.exe "%HOMEPATH%\Start Menu\Programs\Startup\xrver.lnk" "%ALLUSERSPROFILE%\Start Menu\Programs\Startup" /Y
- <SYSTEM32>\xcopy.exe "%HOMEPATH%\Start Menu\Programs\Startup\xserver.lnk" "%ALLUSERSPROFILE%\Start Menu\Programs\Startup" /Y
- C:\security\userss\data\config\update\googleupdatess.exe
- %TEMP%\ms2625.tmp
- C:\security\userss\data\config\update\sonic.ax
- C:\security\userss\data\config\update\one militant Abdul rehman killed.doc
- C:\security\userss\data\config\update\security.exe
- C:\security\userss\data\config\update\updatess.exe
- 'al##ady.net':80
- al##ady.net/ipconfig.php
- DNS ASK al##ady.net
- '<IP-адрес в локальной сети>':1035
- ClassName: 'WordPadClass' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''