Техническая информация
- %TEMP%\Test.lnk
- '<SYSTEM32>\cmd.exe' /c ipconfig/renew
- '<SYSTEM32>\ipconfig.exe' /renew
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\7ZSfx000.cmd" "
- '<SYSTEM32>\calc.exe'
- '%TEMP%\Wyhell.exe'
- '<SYSTEM32>\cmd.exe' /c ipconfig/release
- '<SYSTEM32>\ipconfig.exe' /release
- <SYSTEM32>\calc.exe
- %TEMP%\7ZSfx000.cmd
- %TEMP%\Test.lnk
- %TEMP%\Wyhell.exe
- %TEMP%\Wyhell.exe
- %TEMP%\7ZSfx000.cmd
- 'r.###gyou.com':80
- http://r.###gyou.com/fcg-bin/cgi_get_portrait.fcg?ui#############
- DNS ASK r.###gyou.com
- ClassName: 'Shell_TrayWnd' WindowName: ''