Техническая информация
- <SYSTEM32>\subst.exe x: C:\
- <SYSTEM32>\subst.exe w: C:\
- <SYSTEM32>\subst.exe z: C:\
- <SYSTEM32>\subst.exe y: C:\
- <SYSTEM32>\fsutil.exe file Createnew "%PROGRAM_FILES%\54hdhfr.rrr" 19949999999999
- <SYSTEM32>\taskkill.exe /f /t /im explorer.exe
- <SYSTEM32>\taskkill.exe /f /t /im QQ.exe
- <SYSTEM32>\fsutil.exe file Createnew "%WINDIR%\Wintime32.rar" 19949999999999
- <SYSTEM32>\taskkill.exe /f /t /im taskmgr.exe
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\ctfmon.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\yiqisi[1]
- %TEMP%\2781.bat
- %TEMP%\2781.bat
- 'www.yi##si.com':80
- 'localhost':1033
- www.yi##si.com/?u=######
- DNS ASK www.yi##si.com
- '<IP-адрес в локальной сети>':1034
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''