Техническая информация
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\sxerviicxes.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\sxexservicess.exe
- %HOMEPATH%\Start Menu\Programs\Startup\servicess.exe
- %HOMEPATH%\Start Menu\Programs\Startup\xsservicess.exe
- %WINDIR%\rmfdownload.exe (загружен из сети Интернет)
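- <SYSTEM32>\attrib.exe +s +h "C:\users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\"*.* /s
- <SYSTEM32>\attrib.exe +s +h "%HOMEPATH%\Start Menu\Programs\Startup\"*.* /s (в обоих вызовах ключи +s +h присваивают файлам в папке автозагрузки атрибуты «системный» и «скрытый», а /s распространяет действие на вложенные папки; при настройках Проводника по умолчанию такие файлы не отображаются)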
- <SYSTEM32>\cmd.exe /c %WINDIR%\kingkumar.bat
- %WINDIR%\rmfdownload.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\rmfdownload[1].exe
- %WINDIR%\kingkumar.bat
- %HOMEPATH%\Start Menu\Programs\Startup\xsservicess.exe
- %HOMEPATH%\Start Menu\Programs\Startup\servicess.exe
- 'my######5site.sitesled.com':80
- 'localhost':1065
- 'dr####n.no-ip.info':6600
- my######5site.sitesled.com/rmfdownload.exe
- DNS ASK my######5site.sitesled.com
- DNS ASK dr####n.no-ip.info
- ClassName: 'SysListView32' WindowName: ''
- ClassName: '#32770' WindowName: ''
- ClassName: '' WindowName: 'Windows Task Manager'