Technical information
- %WINDIR%\322.vbs
- %WINDIR%\令人震憾的照片.jpg
- %WINDIR%\483.exe
- %WINDIR%\syswow64\hxgwrr.bat
- nul
- %WINDIR%\483.exe
- 'xz##n.cn':80
- http://45.##.164.153/nba/image.jpg
- http://www.xz##n.cn/nba/image.jpg
- http://45.##.164.153/files/image.jpg
- http://www.xz##n.cn/files/image.jpg
- http://45.##.164.153/sports/image.jpg
- http://www.xz##n.cn/sports/image.jpg
- http://45.##.164.153/news/image.jpg
- http://www.xz##n.cn/news/image.jpg
- DNS ASK xz##n.cn
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "%WINDIR%\322.vbs"
- '%WINDIR%\483.exe'
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\hxgwrr.bat' (with a hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\hxgwrr.bat
- '%WINDIR%\syswow64\ping.exe' -n 3 127.0.0.1