Техническая информация
- C:\flashtemp\flashloader.exe
- %TEMP%\853397.exe
- %TEMP%\853397.exe (загружен из сети Интернет)
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\csc.exe /noconfig /fullpaths @"%TEMP%\l6xj4_em.cmdline"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES4.tmp" "%TEMP%\CSC3.tmp"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\csc.exe /noconfig /fullpaths @"%TEMP%\6jgqqqyc.cmdline"
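- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2.tmp" "%TEMP%\CSC1.tmp"
  (Примечание: вызовы csc.exe и cvtres.exe с файлами вида %TEMP%\<имя>.cmdline, <имя>.0.cs, <имя>.out, <имя>.dll, CSC*.tmp и RES*.tmp характерны для компиляции .NET-кода во время выполнения. Имена l6xj4_em и 6jgqqqyc, по-видимому, сгенерированы случайно и могут отличаться от запуска к запуску, поэтому для обнаружения надёжнее опираться на сам факт запуска csc.exe из процесса, расположенного в %TEMP%, чем на конкретные имена файлов.)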
- ICQ.exe
- [<HKCU>\Software\FTPWare\COREFTP\Sites]
- %TEMP%\l6xj4_em.cmdline
- %TEMP%\l6xj4_em.0.cs
- %TEMP%\853397.exe
- %TEMP%\l6xj4_em.out
- %TEMP%\l6xj4_em.dll
- %TEMP%\RES4.tmp
- %TEMP%\CSC3.tmp
- %TEMP%\6jgqqqyc.out
- %TEMP%\6jgqqqyc.cmdline
- %TEMP%\6jgqqqyc.0.cs
- %TEMP%\CSC1.tmp
- C:\flashtemp\flashloader.exe
- %TEMP%\6jgqqqyc.dll
- %TEMP%\RES2.tmp
- %TEMP%\l6xj4_em.out
- %TEMP%\CSC3.tmp
- %TEMP%\RES4.tmp
- %TEMP%\l6xj4_em.dll
- %TEMP%\l6xj4_em.cmdline
- %TEMP%\l6xj4_em.0.cs
- %TEMP%\6jgqqqyc.0.cs
- %TEMP%\CSC1.tmp
- %TEMP%\RES2.tmp
- %TEMP%\6jgqqqyc.cmdline
- %TEMP%\6jgqqqyc.dll
- %TEMP%\6jgqqqyc.out
- 'x3##et.com':80
- 'www.x3##et.com':80
- www.x3##et.com/root/mediaupdate/installauncher.exe
- x3##et.com/root/ss/creater.php
- DNS ASK x3##et.com
- DNS ASK www.x3##et.com