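Техническая информация
(Ниже без подзаголовков перечислены артефакты, зафиксированные при анализе образца: командные строки и процессы, пути к файлам, сетевые узлы и HTTP-запросы, DNS-запросы, параметры окон. Символ «#» в именах узлов и адресах, по-видимому, заменяет скрытые символы, поэтому в таком виде эти значения не годятся для точного сопоставления в правилах обнаружения. Обращения к wp#d (судя по wpad.dat — автообнаружение прокси) и запуск DW20.EXE (вероятно, компонент отчётов об ошибках Microsoft) скорее отражают фоновую активность системы и сами по себе являются слабыми индикаторами.)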
- '<SYSTEM32>\taskkill.exe' /f /im javaw.exe
- javaw.exe
- C:\WinNT\EPD.bat
- C:\WinNT\System.vbs
- C:\WinNT\winmgtsOLD.dll
- C:\WinNT\ssd2453408cat.exe
- C:\WinNT\System.lnk
- %TEMP%\dw.log
- 'wp#d':80
- 'ip##fo.io':80
- 'li###.#00webhostapp.com':443
- http://11#.#11.111.1/wpad.dat via wp#d
- http://ip##fo.io/ip
- DNS ASK wp#d
- DNS ASK ip##fo.io
- DNS ASK li###.#00webhostapp.com
- ClassName: 'EDIT' WindowName: ''
- ClassName: '' WindowName: ''
- '<SYSTEM32>\wscript.exe' "C:\WinNT\System.vbs"
- 'C:\WinNT\ssd2453408cat.exe'
- '<SYSTEM32>\cmd.exe' /c ""C:\WinNT\EPD.bat" "
- '<SYSTEM32>\attrib.exe' -R /S C:/WinNT/*.*
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 920