Техническая информация
- %TEMP%\dnfxx.exe
- %TEMP%\Д¦¶ыЧЇФ°Нв№Т ЈЁЛўі¬АЎўѕСйЎўГЧ±ТЈ©.exe
- <SYSTEM32>\ftp.exe -s:c:\cc3.dat
- <SYSTEM32>\sc.exe stop sharedaccess
- <SYSTEM32>\alg.exe
- <SYSTEM32>\sc.exe start sharedaccess
- <SYSTEM32>\cmd.exe /c ""%TEMP%\RarSFX0\winxp.bat" "
- <SYSTEM32>\wscript.exe "%TEMP%\RarSFX0\winxp.vbs"
- <SYSTEM32>\ping.exe -n 1 127.1
- <SYSTEM32>\ping.exe -n 3 127.1
- %TEMP%\RarSFX0\winxp.vbs
- C:\cc3.dat
- %TEMP%\RarSFX0\winxp.bat
- %TEMP%\Д¦¶ыЧЇФ°Нв№Т ЈЁЛўі¬АЎўѕСйЎўГЧ±ТЈ©.exe
- %TEMP%\dnfxx.exe
- %TEMP%\RarSFX0\winxp.vbs
- %TEMP%\RarSFX0\winxp.bat
- 'www.rt##rt.cn':21
- 'localhost':1038
- DNS ASK www.rt##rt.cn
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''