Техническая информация
- %WINDIR%\rwx.bat
- %WINDIR%\vvt.bat
- %WINDIR%\rwx.bat (загружен из сети Интернет)
- %WINDIR%\vvt.bat (загружен из сети Интернет)
- <SYSTEM32>\wscript.exe "%WINDIR%\rwx.vbs"
- <SYSTEM32>\wscript.exe "%WINDIR%\jingling.vbs"
- <SYSTEM32>\wscript.exe "%WINDIR%\urlcore.vbs"
- <SYSTEM32>\wscript.exe "%WINDIR%\abc.vbs"
- <SYSTEM32>\wscript.exe "%WINDIR%\vvt.vbs"
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\xinyuwang.liondrive[1]
- %WINDIR%\vvt.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\xinyuwang.liondrive[2]
- %WINDIR%\rwx.bat
- %WINDIR%\jingling.vbs
- %WINDIR%\vvt.vbs
- %WINDIR%\urlcore.vbs
- %WINDIR%\abc.vbs
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\xinyuwang.liondrive[1]
- %WINDIR%\rwx.vbs
- %WINDIR%\rwx.vbs
- %WINDIR%\urlcore.vbs
- %WINDIR%\abc.vbs
- %WINDIR%\vvt.vbs
- 'xi#####ng.liondrive.com':80
- 'localhost':1041
- 'localhost':1036
- 'localhost':1038
- xi#####ng.liondrive.com/?ac####################################
- DNS ASK xi#####ng.liondrive.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''