Техническая информация
- %TEMP%\c5a7e.tmp
- %TEMP%\c5d9a.tmp
- %TEMP%\c5f8f.tmp
- %LOCALAPPDATA%\microsoft\internet explorer\msimgsiz.dat
- <Текущая директория>\skinh_el.dll
- <Текущая директория>\skin.she
- %WINDIR%\dfgx.ini
- %TEMP%\c5a7e.tmp
- %TEMP%\c5d9a.tmp
- %TEMP%\c5f8f.tmp
- 'xb#.#9fe.com':80
- 'hu###omains.com':443
- 'my##.com':80
- 'hi.##idu.com':80
- 'in####ow.baidu.com':443
- http://xb#.#9fe.com/
- http://www.my##.com/ls/xbmmd5.txt
- http://www.my##.com/ls/xbm.exe
- http://hi.##idu.com/%E1%DB%B7%E5%B8%F3%C9%E7%C7%F8/blog/item/2ca0be688d8e25cb8db10db1.html
- 'hu###omains.com':443
- 'hi.##idu.com':443
- DNS ASK xb#.#9fe.com
- DNS ASK xb#.#ttx.com
- DNS ASK nt#.##dan.edu.cn
- DNS ASK my##.com
- DNS ASK hu###omains.com
- DNS ASK hi.##idu.com
- DNS ASK in####ow.baidu.com
- 'nt#.##dan.edu.cn':123
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
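- '%WINDIR%\syswow64\cmd.exe' /c echo y|cacls <DRIVERS>\etc\hosts /g everyone:f && attrib -r -a -s -h <DRIVERS>\etc\hosts (со скрытым окном; команда выдаёт группе Everyone полный доступ к файлу hosts и снимает с него атрибуты «только чтение», «архивный», «системный» и «скрытый»)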
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "<Полный путь к файлу>"
- '%WINDIR%\syswow64\cmd.exe' /c echo y|cacls <DRIVERS>\etc\hosts /g everyone:f && attrib -r -a -s -h <DRIVERS>\etc\hosts
- '%WINDIR%\syswow64\cmd.exe' /S /D /c" echo y"
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /g everyone:f
- '%WINDIR%\syswow64\attrib.exe' -r -a -s -h <DRIVERS>\etc\hosts