Техническая информация
- '%TEMP%\uni1248517c.exe' (загружен из сети Интернет)
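- '<SYSTEM32>\cmd.exe' /C copy /b "%TEMP%\KeLe2014Beta3.6.2Promote0714_20090195130.exe" + "%WINDIR%\Fonts\verdana.ttf" "%TEMP%\KeLe2014Beta3.6.2Promote0714_20090195130.exe" (copy /b дописывает содержимое шрифта verdana.ttf в конец исполняемого файла: исходные байты сохраняются, но размер и хеш файла меняются, поэтому сопоставление таких файлов только по хешу ненадёжно; та же операция ниже выполняется для SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe)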
- '%TEMP%\uni1248517c.exe'
- '<SYSTEM32>\cmd.exe' /C copy /b "%TEMP%\SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe" + "%WINDIR%\Fonts\verdana.ttf" "%TEMP%\SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe"
- %TEMP%\nsy2.tmp\ExecCmd.dll
- %TEMP%\nsy2.tmp\ZipDLL.dll
- %TEMP%\33.tmp
- %TEMP%\23.tmp
- %TEMP%\uni1248517c.exe
- %TEMP%\21.tmp
- %TEMP%\nsy2.tmp\Inetc.dll
- %TEMP%\2.gif
- %TEMP%\nsy2.tmp\System.dll
- %TEMP%\nsy2.tmp\nsRandom.dll
- %TEMP%\nsy2.tmp\Base64.dll
- %TEMP%\1.zip
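- 'k.###ing.com.cn':80 (символ '#' недопустим в имени узла; по-видимому, часть символов в адресах здесь и ниже замаскирована, поэтому эти записи нельзя использовать как точные сетевые индикаторы)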
- 't.#n':80
- 'pv.#ohu.com':80
- http://k.###ing.com.cn/d/uni1248517c.exe
- http://t.#n/RLencZm
- http://t.#n/RyvGRtU
- http://pv.#ohu.com/cityjson
- http://t.#n/RywPElm
- DNS ASK k.###ing.com.cn
- DNS ASK t.#n
- DNS ASK pv.#ohu.com
- ClassName: '#32770' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''