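Техническая информация
Примечание: заголовки подразделов в этом фрагменте не сохранились, поэтому ниже подряд идут записи разных типов: командные строки процессов, пути к файлам (включая <DRIVERS>\etc\hosts), сетевые адреса с портами, URL-адреса HTTP, DNS-запрос и параметры окон (ClassName/WindowName). Какое именно действие связано с каждой записью (создание, изменение, запуск, поиск), из текста не видно; символы «#» в адресах, по-видимому, являются маской.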
- '<SYSTEM32>\taskkill.exe' /f /im notepad.exe
- <Текущая директория>\Recycle Bin\notepad.exe
- <Текущая директория>\Recycle Bin\FM20.DLL
- <Текущая директория>\Recycle Bin\FM20ENU.DLL
- <Текущая директория>\Recycle Bin\FM20.oca
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\sever[1].php
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\11.4[1].php
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\2VAZY7AN\sever2[1].php
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\YPORKZYZ\time[1].php
- <DRIVERS>\etc\hosts
- 'localhost':1036
- '10#.#7.236.29':80
- 'fa##.##tolienminh.com':80
- http://10#.#7.236.29/RoS/sever.php
- http://10#.#7.236.29/RoS/11.4.php
- http://fa##.##tolienminh.com/RoS/sever2.php
- http://10#.#7.236.29/RoS/time.php
- DNS ASK fa##.##tolienminh.com
- ClassName: 'EDIT' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- '<Текущая директория>\Recycle Bin\notepad.exe'
- '<SYSTEM32>\rundll32.exe' InetCpl.cpl,ClearMyTracksByProcess 8