Техническая информация
- %WINDIR%\ime\707\rar.exe e -y -ping %WINDIR%\ime\707\11.rar %WINDIR%\ime\707\
- %WINDIR%\ime\707\rar.exe e -y -ping %WINDIR%\ime\707\ok.rar "%PROGRAM_FILES%\baidu\707\"
- <SYSTEM32>\attrib.exe +H +R ""%TEMP%\a26c783b992c070bf8055b334f32b02f.dat""
- <SYSTEM32>\cacls.exe ""%TEMP%\a26c783b992c070bf8055b334f32b02f.dat"" /T /P everyone:N
- <SYSTEM32>\cacls.exe "%TEMP%\a26c783b992c070bf8055b334f32b02f.dat" /T /P everyone:N
- <SYSTEM32>\cacls.exe ""%HOMEPATH%\Local Settings\Temp"" /T /P everyone:F
- <SYSTEM32>\cmd.exe /c %WINDIR%\ime\707\125.bat
- <SYSTEM32>\taskkill.exe /f /t /im ksafetray.exe
- <SYSTEM32>\wscript.exe %WINDIR%\11.vbs //B
- %PROGRAM_FILES%\baidu\707\csise.exe
- %PROGRAM_FILES%\baidu\707\csise.txt
- %WINDIR%\ime\707\11.txt
- %WINDIR%\11.vbs
- %WINDIR%\ime\707\ab.bat
- %WINDIR%\ime\707\11.rar
- %WINDIR%\ime\707\rar.exe
- %WINDIR%\ime\707\ok.rar
- %WINDIR%\ime\707\md5.txt
- %WINDIR%\ime\707\125.bat
- %WINDIR%\ime\707\11.txt
- %WINDIR%\11.vbs
- %PROGRAM_FILES%\baidu\707\csise.txt
- '75####011.3322.org':8008
- DNS ASK 75####011.3322.org
- ClassName: '' WindowName: ''