Техническая информация
- '<Текущая директория>\ФЇ№ЕєП»ч_WCA.exe'
- '<SYSTEM32>\netsh.exe' advfirewall set allprofiles state off
- '<SYSTEM32>\cmd.exe' /c netsh advfirewall set allprofiles state off
- <Текущая директория>\ФЇ№ЕєП»ч_WCA.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\tj.qb138[1]
- %TEMP%\3408DF31-B4D3-4923-852A-6428691079D3
- <SYSTEM32>\3408DF31-B4D3-4923-852A-6428691079D3
- <Текущая директория>\ФЇ№ЕєП»ч_WCA.exe
- <SYSTEM32>\3408DF31-B4D3-4923-852A-6428691079D3
- %TEMP%\3408DF31-B4D3-4923-852A-6428691079D3
- 'li###.pk9g.com':80
- 'localhost':1045
- 'tj.##138.com':80
- 'li###.fpmen.com':80
- 'li###.xiang99.cn':80
- 'li###.tzzzky.com':80
- http://li###.tzzzky.com/UserId/GGGGE6B135BCF1AD96F2FB.txt
- http://li###.pk9g.com/UserId/GGGGE6B135BCF1AD96F2FB.txt
- http://tj.##138.com/
- http://li###.fpmen.com/UserUpdata/GGGGE6B135BCF1AD96F2FB/ԯ�źϻ�.exe.txt
- http://li###.fpmen.com/UserId/GGGGE6B135BCF1AD96F2FB.txt
- http://li###.xiang99.cn/UserId/GGGGE6B135BCF1AD96F2FB.txt
- DNS ASK li###.pk9g.com
- DNS ASK tj.##138.com
- DNS ASK li###.tzzzky.com
- DNS ASK li###.fpmen.com
- DNS ASK li###.xiang99.cn
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''