Technical information
- <SYSTEM32>\ipseccmd.exe -w REG -p "www.ho###lq.com" -r "58.253.68.178" -f */*=58.253.68.178/*:: -n BLOCK -x -w REG -p "www.ho###lq.com" -r "121.10.108.253" -f */*=121.10.108.253/*:: -n BLOCK -x -w REG -p "www.ho###lq.com" -r "61.139.8.100" -f */*=61.139.8.100/*:: -n BLOCK -x -w REG -p "www.ho###lq.com" -o -x -w REG -p "www.ho###lq.com" -x -w REG -p "www.ho###lq.com" -r "58.221.31.156" -f */*=58.221.31.156/*:: -n BLOCK -x
- <SYSTEM32>\attrib.exe -h -s -r -a <SYSTEM32>\\142302.bat
- <SYSTEM32>\gpupdate.exe
- <SYSTEM32>\cmd.exe /c <SYSTEM32>\\142302.bat
- %HOMEPATH%\Favorites\Нв№ТЧч·»ЧКФґХѕ [42724920.ys168.com].url
- <SYSTEM32>\ipseccmd.exe
- <SYSTEM32>\142302.bat
- <Full path to the virus>7782\krnln.fnr
- %HOMEPATH%\Favorites\Нв№ТЧч·»№Щ·ЅХѕ [www.zuowg.com].url
- <Full path to the virus>7782\krnln.fne
- %HOMEPATH%\Favorites\Нв№ТЧч·»№Щ·ЅХѕ [www.zuowg.com].url
- %HOMEPATH%\Favorites\Нв№ТЧч·»ЧКФґХѕ [42724920.ys168.com].url
- <DRIVERS>\etc\hosts
- ClassName: 'Shell_TrayWnd' WindowName: ''