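Техническая информация
Примечание: символы «#» в именах узлов и IP-адресах ниже, по всей видимости, маскируют часть значения, поэтому такие записи подходят для сопоставления только по частичному шаблону, а не как точные индикаторы.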
Командные строки процессов:
- '<SYSTEM32>\wscript.exe' "%TEMP%\delay.vbs"
- '<SYSTEM32>\logonui.exe' /status /shutdown
- '<SYSTEM32>\cmd.exe' /c c:\Del.bat
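Файлы (тип операции — создание или удаление — в этой копии не указан; %TEMP%\delay.vbs приведён дважды):
- %TEMP%\delay.vbs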
- C:\Del.bat
- %TEMP%\delay.vbs
Сетевые подключения (узел:порт):
- 'sd######fsdgdf.blog.163.com':80
- '12#.#25.114.144':80
Запрашиваемые адреса (судя по порту 80 в записях о подключениях, вероятно, HTTP):
- sd######fsdgdf.blog.163.com/blog/static/2128960462012926105021524/
- 12#.#25.114.144/new/xjp0595
DNS-запросы:
- DNS ASK sd######fsdgdf.blog.163.com
- DNS ASK hi.##idu.com
Окна (имя класса и заголовок окна):
- ClassName: 'StatusWindowClass' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'