Техническая информация
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 2
- '<SYSTEM32>\cmd.exe' /c ping 127.0.0.1 -n 2 &del "<Полный путь к файлу>"
- '<SYSTEM32>\rundll32.exe'
- <SYSTEM32>\rundll32.exe
- %TEMP%\ytG13.tmp
- %TEMP%\7tr12.tmp
- %TEMP%\WCC15.tmp
- %TEMP%\fKe14.tmp
- %TEMP%\qDPF.tmp
- %TEMP%\5FkE.tmp
- %TEMP%\nEp11.tmp
- %TEMP%\88a10.tmp
- %TEMP%\a3y16.tmp
- %TEMP%\hRj1C.tmp
- %TEMP%\NFZ1B.tmp
- %TEMP%\UQX1E.tmp
- %TEMP%\v861D.tmp
- %TEMP%\ou118.tmp
- %TEMP%\jL517.tmp
- %TEMP%\ONR1A.tmp
- %TEMP%\k6n19.tmp
- %TEMP%\Ywx3.tmp
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\2VAZY7AN\_a9584910[1].zip
- %TEMP%\ult4.tmp
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\YPORKZYZ\_a9584910[1].zip
- %TEMP%\VTY1.tmp
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\_a9584910[1].zip
- %TEMP%\KH12.tmp
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\_a9584910[1].zip
- %TEMP%\hRJ5.tmp
- %TEMP%\3h1B.tmp
- %TEMP%\NI1A.tmp
- %TEMP%\aKYD.tmp
- %TEMP%\a5JC.tmp
- %TEMP%\mxk7.tmp
- %TEMP%\H0Z6.tmp
- %TEMP%\KTe9.tmp
- %TEMP%\bVs8.tmp
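Примечание: в сетевых адресах ниже символ «#» не является допустимым символом имени домена и, по всей видимости, заменяет скрытые символы. Адреса приведены в маскированном виде, поэтому эти строки нельзя использовать как точные значения для блокировки или поиска по журналам.
- 'dw.#efb.com':80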
- 'in#.#gkj.com':80
- 'in#.#8qz.com':80
- http://dw.#efb.com/soft1/niu/_a9584910.zip
- http://in#.#gkj.com/soft1/niu/_a9584910.zip
- http://in#.#8qz.com/soft1/niu/_a9584910.zip
- DNS ASK dw.#efb.com
- DNS ASK in#.#gkj.com
- DNS ASK in#.#8qz.com