Техническая информация
- %TEMP%\BDDB6AC4-7713-4b98-9955-4471A53523AC
- <SYSTEM32>\BDDB6AC4-7713-4b98-9955-4471A53523AC
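- <Текущая директория>\ИИСЄєП»ч_WCA.exe (имя, по-видимому, — GBK-строка «热血合击», показанная в кодировке Windows-1251; при поиске по имени файла стоит учитывать оба варианта)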
- %TEMP%\BDDB6AC4-7713-4b98-9955-4471A53523AC
- <SYSTEM32>\BDDB6AC4-7713-4b98-9955-4471A53523AC
- <Текущая директория>\ИИСЄєП»ч_WCA.exe
- 'li###.fpmen.com':80
- 'li###.pk9g.com':80
- 'li###.jxsl123.com':80
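- http://li###.fpmen.com/UserUpdata/EEEE6637F88CDF6E4AE9C6/ИИСЄєП»ч.exe.txt (имя файла в исходном тексте повреждено при перекодировке; восстановлено по имени образца из этого же отчёта — вероятно, те же байты GBK, что и в «ИИСЄєП»ч_WCA.exe»)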
- http://li###.pk9g.com/UserId/EEEE6637F88CDF6E4AE9C6.txt
- http://li###.jxsl123.com/UserId/EEEE6637F88CDF6E4AE9C6.txt
- http://li###.fpmen.com/UserId/EEEE6637F88CDF6E4AE9C6.txt
- DNS ASK li###.fpmen.com
- DNS ASK li###.pk9g.com
- DNS ASK li###.jxsl123.com
- '<Текущая директория>\ИИСЄєП»ч_WCA.exe'
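- '<SYSTEM32>\cmd.exe' /c netsh advfirewall set allprofiles state off
- '<SYSTEM32>\netsh.exe' advfirewall set allprofiles state off
- (обе команды отключают брандмауэр Windows для всех профилей; запуск netsh.exe с такими аргументами — заметный признак для мониторинга создания процессов)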