Техническая информация
- %WINDIR%\Tasks\FON9.exe
- %WINDIR%\Tasks\FONy.vbe
- '%WINDIR%\Tasks\FON9.exe' 10.0.0.2 :
- '%WINDIR%\Tasks\FON9.exe' 10.0.0.3 :
- '%CommonProgramFiles%\sfbsbvy\coiome.exe'
- '%WINDIR%\Tasks\FON9.exe' 10.0.0.1 :
- '<SYSTEM32>\taskkill.exe' /im conime.exe /f
- '<SYSTEM32>\sc.exe' config lanmanserver start= auto
- '<SYSTEM32>\sc.exe' config lanmanworkstation start= auto
- '<SYSTEM32>\sc.exe' stop LYTC
- '<SYSTEM32>\sc.exe' config LmHosts start= auto
- '<SYSTEM32>\taskkill.exe' /im coiome.exe /f
- '<SYSTEM32>\mshta.exe' "%PROGRAM_FILES%\GDU.hta"
- '<SYSTEM32>\sc.exe' config Browser start= auto
- '<SYSTEM32>\taskkill.exe' /im iejore.exe /f
- '<SYSTEM32>\sc.exe' delete JavaServe
- %WINDIR%\Fonts\op.ini
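- %HOMEPATH%\Desktop\2345НшЦ·µјєЅ.url (по-видимому, имя задано в кодировке GBK и показано здесь как Windows-1251; в китайской локали оно читается как «2345网址导航.url», поэтому при поиске стоит проверять оба варианта)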
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\b[1].jpg
- %PROGRAM_FILES%\GDU.hta
- %CommonProgramFiles%\sfbsbvy\coiome.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\b[1].jpg
- %PROGRAM_FILES%\GDU.hta
- '<IP-адрес в локальной сети>':445
- '<IP-адрес в локальной сети>':135
- 'localhost':1035
- 's.###6800.com':80
- s.###6800.com/b.jpg
- DNS ASK tj.##16800.com
- DNS ASK do####ad13.subo.me
- DNS ASK s.###6800.com
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'