Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\projectx.lnk
- %APPDATA%\microsoft\windows\start menu\programs\cocbuilder server's\projectx\projectx.lnk
- %HOMEPATH%\desktop\projectx.lnk
- %TEMP%\tmp134b.tmp
- %TEMP%\tmp136a.tmp
- %TEMP%\tmp135b.tmp
- %TEMP%\tmp138a.tmp
- %TEMP%\tmp1417.tmp
- %TEMP%\tmp187c.tmp
- %TEMP%\tmp1b4b.tmp
- %TEMP%\tmp1c84.tmp
- %TEMP%\tmp136a.tmp
- %TEMP%\tmp1417.tmp
- %TEMP%\tmp134b.tmp
- %TEMP%\tmp187c.tmp
- %TEMP%\tmp135b.tmp
- %TEMP%\tmp1b4b.tmp
- %TEMP%\tmp138a.tmp
- %TEMP%\tmp1c84.tmp
- http://os##.#ocbuilder.su/CodeSigning/1/RevokeList.crl
- http://os##.#ocbuilder.su/Main/RevokeList.crl
- DNS ASK os##.#ocbuilder.su
- '<SYSTEM32>\route.exe' delete 85.119.149.111
- '<SYSTEM32>\netsh.exe' advfirewall firewall delete rule remoteip=85.119.149.111 name=all
- '<SYSTEM32>\netsh.exe' advfirewall firewall delete rule remoteip=85.119.149.111/31 name=all
- '<SYSTEM32>\netsh.exe' advfirewall firewall delete rule dir=out name=all