Техническая информация
Командные строки процессов (исполняемый файл и аргументы):
- '%TEMP%\afolder\rcedsndr.exe' notify.wav
- '%TEMP%\afolder\rcedip.exe' bit.ly/121AqI7 -O ./ip.txt --quiet
- '%TEMP%\afolder\rcedspk.exe' Your IP address is
- '%TEMP%\afolder\rcedspk.exe' You are currently connected..
- '%TEMP%\ztmp\tmp8424.exe' f3GcN7SrE4 10 0
- '%TEMP%\ztmp\tmp8424.exe' f3GcN7SrE4 12 0
- '%TEMP%\ztmp\tmp8424.exe' j6NM4Cxfv3
- '%TEMP%\afolder\rcedspk.exe' Checking your connection..
- '%TEMP%\ztmp\tmp8424.exe' f3GcN7SrE4 7 0
- '<SYSTEM32>\findstr.exe' SUCCESS
- '<SYSTEM32>\ping.exe' -n 5 www.google.com
- '<SYSTEM32>\find.exe' "Reply from "
- '<SYSTEM32>\attrib.exe' +h %TEMP%\ztmp
- '<SYSTEM32>\find.exe' "1"
- '<SYSTEM32>\taskkill.exe' /f /im pinger.exe /fi "memusage gt 40"
Пути к файлам (тип операции — создание, изменение или удаление — в этом фрагменте не указан):
- %TEMP%\afolder\rcedip.exe
- %TEMP%\afolder\ip.txt
- %TEMP%\ztmp\tmp8375.bat
- %APPDATA%\Microsoft\Speech\Files\UserLexicons\SP_56A27D6BABF74EBBB7965C17BE6B5F43.dat
- %TEMP%\ztmp\tmp8424.exe
- %TEMP%\afolder\rcedspk.exe
- %TEMP%\afolder\chimes.wav
- %TEMP%\afolder\art.txt
- %TEMP%\afolder\notify.wav
- %TEMP%\afolder\rcedsndr.exe
- %TEMP%\afolder\rasphone.pbk
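Сетевая активность (домен записан в замаскированном виде с символом «#»; по-видимому, это тот же адрес, что передаётся rcedip.exe в командной строке выше):
- 'bi#.ly':80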
- bi#.ly/121AqI7
- DNS ASK bi#.ly
- DNS ASK www.google.com
Окна (класс и заголовок):
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'CicLoaderWndClass' WindowName: '(null)'
- ClassName: '(null)' WindowName: '(null)'