Техническая информация
Командная строка процесса:
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' http://cn##.sjt8.com/info.access/?st#########
Пути к файлам:
- %TEMP%\~1.bat
- <LS_APPDATA>\Client.ini
- <LS_APPDATA>\dClient.ini
- <LS_APPDATA>\hta.txt
- <LS_APPDATA>\kInstall.exe
- <LS_APPDATA>\sqlite3.txt
- <LS_APPDATA>\sta.txt
- <LS_APPDATA>\yClient.ini
- %WINDIR%\Installer\2c6ff.msi
- %WINDIR%\Installer\MSI2.tmp
- %WINDIR%\Installer\MSI3.tmp
- %WINDIR%\Installer\2c701.ipi
- %WINDIR%\Installer\MSI4.tmp
- C:\Config.Msi\2c702.rbs
- %ProgramFiles%\WinRAR\hta.hta
- %ProgramFiles%\WinRAR\mshta.exe
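Файлы, перечисленные повторно (в исходном отчёте это, вероятно, отдельный список — например, удаляемые файлы; заголовок раздела на странице не сохранился):
- %TEMP%\~1.bat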
- %WINDIR%\Installer\MSI2.tmp
- %WINDIR%\Installer\MSI3.tmp
- %WINDIR%\Installer\MSI4.tmp
Сетевая активность (адреса подключения, URL, DNS-запрос):
- 'localhost':1039
- 'cn##.sjt8.com':80
- http://cn##.sjt8.com/info.access/?st#########
- DNS ASK cn##.sjt8.com
Окна (ClassName / WindowName):
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
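Командные строки процессов (mshta.exe здесь запускается из каталога WinRAR, а не из <SYSTEM32>, а msiexec получает в параметре /i файл с расширением .txt):
- '%ProgramFiles%\WinRAR\mshta.exe' "%ProgramFiles%\WinRAR\hta.hta"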
- '<SYSTEM32>\cmd.exe' /c %TEMP%\~1.bat <Полный путь к файлу>
- '<SYSTEM32>\mshta.exe' vbscript:createobject("wscript.shell").run("""iexplore""http://cn##.sjt8.com/info.access/?st#########",0)(window.close)
- '<SYSTEM32>\msiexec.exe' /i "<LS_APPDATA>\hta.txt" /quiet
- '<SYSTEM32>\msiexec.exe' /V
- '<SYSTEM32>\msiexec.exe' -Embedding A3DB5F81D0DC866EFC8CAD034E43B63C