Техническая информация
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\360Rce.lnk
- %TEMP%\125718_res.tmp
- [<HKLM>\SYSTEM\ControlSet001\Services\COMSysApp] 'Start' = '00000002'
- %PROGRAM_FILES%\Internet Explorer\carss.exe %WINDIR%\Temp\hx107.tmp CodeMain
- %WINDIR%\Temp\Oath.exe
- %PROGRAM_FILES%\360Rce.exe
- %WINDIR%\regedit.exe /s C:\1.reg
- %PROGRAM_FILES%\wi139015nd.temp
- %PROGRAM_FILES%\Internet Explorer\carss.exe
- C:\1.reg
- %WINDIR%\Temp\Oath.exe
- %TEMP%\117359_res.tmp
- %TEMP%\125718_res.tmp
- %WINDIR%\Temp\Oath.ini
- C:\1.reg
- %WINDIR%\Temp\Oath.ini
- 'li####u.3322.org':9000
- DNS ASK li####u.3322.org
- ClassName: 'RegEdit_RegEdit' WindowName: ''