When you see any of these file names in the list below in your server, your files may have already been injected with malicious code and your server may have been comprised.
/.well-known/ALFA_DATA /.well-known/alfacgiapi /.well-known/cgialfa /1index.php /ALFA_DATA /admin.php /alfa.php /alfacgiapi /alfindex.php /archives.php /beence.php /boom.php /cgialfa /cindex.php /config.bak.php /defau11.php /defau1t.php /doc.php /error.php /export.php /gank.php.PhP /larva.php /legion.php /media-admin.php /moduless.php /old-index.php /radio.php /s_e.php /s_ne.php /style.php /system_log.php /th3_err0r.php /ups.php /wp-1ogin_bak.php /wp-admin/ALFA_DATA /wp-admin/alfacgiapi /wp-admin/cgialfa /wp-admin/config.bak.php /wp-admin/style.php /wp-backup-sql-302.php /wp-booking.php /wp-content/ALFA_DATA /wp-content/alfacgiapi /wp-content/cgialfa /wp-content/config.bak.php /wp-content/db-cache.php /wp-content/db_cache.php /wp-content/export.php /wp-content/mu-plugins/db-safe-mode.php /wp-content/outcms.php /wp-content/plugins/backup_index.php /wp-content/plugins/ioptimization/IOptimize.php /wp-content/plugins/wpconfig.bak.php /wp-content/themes/config.bak.php /wp-content/uploads/ALFA_DATA /wp-content/uploads/alfacgiapi /wp-content/uploads/cgialfa /wp-content/wp-1ogin_bak.php /wp-includes/ALFA_DATA /wp-includes/alfacgiapi /wp-includes/cgialfa /wp-includes/config.bak.php /wp-includes/css/css.php /wp-includes/fonts/css.php /wp-includes/images/css.php /wp-plugins.php /wp-signin.php /wp_wrong_datlib.php /wpindex.php /xmlrp.php
