Техническая информация

Запущенные процессы и командные строки:
- %WINDIR%\ime\630\rar.exe e -y -ping %WINDIR%\ime\630\11.rar %WINDIR%\ime\630\
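- %PROGRAM_FILES%\baidu\630\csiss.exe
  (имя файла похоже на системный csrss.exe, но каталог не системный — это полезный признак для обнаружения)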
- %WINDIR%\ime\630\rar.exe e -y -ping %WINDIR%\ime\630\ok.rar %PROGRAM_FILES%\baidu\630\
- <SYSTEM32>\cacls.exe "%HOMEPATH%\Local Settings\Temp" /T /P everyone:F
  (/T /P everyone:F — рекурсивно заменяет права: группе «Все» даётся полный доступ к каталогу Temp)
- <SYSTEM32>\wscript.exe %WINDIR%\ime\630\11.vbs //B
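- <SYSTEM32>\cacls.exe "%TEMP%\cf76b75569b433bff0fdac722f652c9f.dat" /T /P everyone:N
- <SYSTEM32>\attrib.exe +H +R "%TEMP%\cf76b75569b433bff0fdac722f652c9f.dat"
  (everyone:N лишает всех доступа к файлу, attrib +H +R делает его скрытым и доступным только для чтения)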
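- <SYSTEM32>\taskkill.exe /f /t /im ksafetray.exe
  (принудительно завершает процесс ksafetray.exe вместе с дочерними; судя по имени, это компонент защитного ПО — стоит проверить)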
- <SYSTEM32>\cmd.exe /c %WINDIR%\ime\630\125.bat
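- <SYSTEM32>\ping.exe 127.0.0.1 -n 2
  (обращение к 127.0.0.1 не уходит в сеть; вероятно, используется как короткая пауза между командами)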
- <SYSTEM32>\cmd.exe /c %WINDIR%\11a.bat
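
Файлы, затронутые в файловой системе (заголовки подразделов на странице не сохранились; повторяющиеся пути, вероятно, относятся к разным операциям — например, созданию и удалению):
- %WINDIR%\ime\630\ji.bat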
- %WINDIR%\ime\630\ab.bat
- %WINDIR%\ime\630\123.bat
- %WINDIR%\ime\630\123.txt
- %WINDIR%\ime\630\111.reg
- %WINDIR%\ime\630\11.vbs
- %WINDIR%\ime\630\11.txt
- %WINDIR%\ime\630\22.txt
- %PROGRAM_FILES%\baidu\630\csiss.exe
- %WINDIR%\ime\630\11.rar
- %WINDIR%\ime\630\ok.rar
- %WINDIR%\ime\630\rar.exe
- %WINDIR%\11a.bat
- %PROGRAM_FILES%\baidu\630\csiss.txt
- %WINDIR%\ime\630\125.bat
- %WINDIR%\ime\630\md5.txt
- %WINDIR%\ime\630\11.vbs
- %WINDIR%\ime\630\11.txt
- %TEMP%\~DFA027.tmp
- %PROGRAM_FILES%\baidu\630\csiss.txt
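
Сетевая активность:
- 'zh####een.gicp.net':2011
- DNS ASK zh####een.gicp.net
  (символы #### недопустимы в доменном имени; по-видимому, это маска, скрывающая часть имени, поэтому полный домен по этой записи восстановить нельзя)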

Параметры окна (вероятно, поиск окна; имя класса и заголовок в записи пустые):
- ClassName: '' WindowName: ''