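Техническая информация
Судя по формату, записи с путём к исполняемому файлу в кавычках (Hijack.exe, ping.exe, cmd.exe) — это командные строки запускаемых процессов, а записи без кавычек — пути к файлам, связанным с образцом; заголовки разделов в этом фрагменте отсутствуют. Путь к nResurrection.bat в командной строке cmd.exe записан с двойной обратной косой чертой, а в списке файлов — с одинарной; по-видимому, это один и тот же файл в %TEMP%.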
- '%PROGRAM_FILES%\Microsoft.XiaTianTian\Hijack.exe'
- '<SYSTEM32>\ping.exe' 127.1
- '<SYSTEM32>\ping.exe' -a 127.1
- '<SYSTEM32>\cmd.exe' /c %TEMP%\\nResurrection.bat
- %PROGRAM_FILES%\Microsoft.XiaTianTian\Hijack.res
- %PROGRAM_FILES%\Microsoft.XiaTianTian\Hijack.exe
- %TEMP%\nResurrection.bat